A man faces five years in prison at least a $250,000 fine for hacking into AT&T's servers and stealing the data of 120,000 iPad users.

A New Jersey jury found Andrew Auernheimer guilty on Tuesday. His co-defendant, Daniel Spitler, pleaded guilty to the same charges in June 2011. Both men are still to be sentenced.

The crime took place in 2010 when Auernheimer and Spitler, part of Goatse Security, a loose collection of hackers, authorities have alleged, discovered a security hole in AT&T’s website and used this to obtain email addresses and ICC-ID unique identifiers using an automated scripting tool.

At the time, Auernheimer argued that the hack was "ethical" and "in the public interest" because it revealed a flaw in AT&T's website. The men claimed that their motives were to reveal AT&T's inadequate security, but chat logs showed their goal had been to promote themselves and ruin AT&T's reputation. This was backed up by an email sent by Auernheimer to a US attorney, in which he insisted that AT&T should be held accountable for "their insecure infrastructure as a public utility," reports Wired.

The men provided the stolen information to the website Gawker, and that site published an article naming people whose emails had been compromised. Those victims included an ABC News anchor, New York Mayor Michael Bloomberg, former White House chief-of-staff Rahm Emanuel, and top executives at Dow Jones, The New York Times, Time Warner, and NASA.

Follow Karen Haslam on Twitter / Follow MacworldUK on Twitter 


Judge gives second AT&T iPad hacker more time to make deal

AT&T iPad hacker pleads guilty

Apple stops password resets after iCloud hack

AT&T Apple iPad hacker fought for media attention, documents show