Two hackers who exposed a serious flaw in the security of phone network AT&T by obtaining thousands of email addresses belonging to iPad users – including top politicians, company executives and military officials – have been arrested and charged with fraud and conspiracy to access a computer.

Daniel Spitler, 26 and Andrew Auernheimer, 25, were due to appear in courts in New Jersey and Arkansas later today .

Auernheimer was arrested while already at court in Fayetteville on unrelated drugs charges. The pair are accused of having masterminded a breach of the US network's servers last June that compromised the personal email data of up to 120,000 iPad users. The hacking escapade was a huge embarrassment both for AT&T and for Apple, coming just two months after the launch of the iPad.

The accused have yet to present their defence. They are understood to be members of Goatse Security, the hacker group that carried out the attack on the iPad.

One possible line of defence is that they informed AT&T of the breach, allowing the telecoms company to close the hole and secure its servers.

The same hacker group had previously exposed weaknesses in the Firefox and Safari web browsers.

Valleywag, the Gawker-owned site carrying news and gossip on Silicon Valley, was given access to some of Goatse Security's hacked information at the time of the breach, and reported that several high-profile figures had had their email addresses compromised. They included Rahm Emanuel, then chief of staff at the White House, New York Times chief executive Janet Robinson, ABC news presenter Diane Sawyer, New York mayor Michael Bloomberg and William Eldredge, a bomber commander in the US Air Force.

The breach affected several big banks, including Goldman Sachs and JP Morgan, and media organisations such as Time Warner and News Corporation. A number of members of Congress and Nasa employees also had their names and email addresses exposed.

It is not known what Goatse Security has done with the information it obtained.

The flaw applied only to the 3G models of iPad that have internet connectivity through mobile link and not just through wireless access. The hackers gained access to the database of emails by using the so-called ICC-IDS, the identifier used to attach an individual subscriber to their SIM card.

Goatse Security guessed the ICC-IDS of a large number of iPad subscribers by comparing how the identifier was framed for users whose details they already knew. They then sent huge sequences of the ICC-IDS to AT&T and through them obtained the email addresses attached to the accounts.

The charge sheet released today says that the prosecution has records of internet chats between the two accused that demonstrate they were responsible for the data breach. It alleges they did so in order to damage AT&T and to promote Goatse Security and themselves.

Before the incident Auernheimer had described his activities to the New

York Times: "I hack, I ruin, I make piles of money."