[Groxx]

From the hacking group:

all data was gathered from a public webserver with no password, accessible by anyone on the Internet.

Sounds like an AT&T's-website security breach (big shocker there, their sites are horrendous and half-broken at all times). Further down they describe the attack:

Members of the group used the UCC-ID that is on each iPad 3G and pinged the AT&T login page with it. That page returned an e-mail address associated with that iPad 3G. They then wrote a simple script to ping the page with a series of numbers repeatedly until they had 114,000 e-mail addresses.

So... AT&T is a moron (further shock. Can you feel the shock? It's shocking.). It has nothing to do with the iPad.