A 26-year-old man pleaded guilty on Thursday to writing the code used to steal email addresses and personal information belonging to 120,000 Apple iPad subscribers from AT&T computer servers.
Daniel Spitler, of San Francisco, entered the guilty plea in a US federal court in Newark, New Jersey, the Justice Department said in a statement.
Spitler, who surrendered to the authorities in January, pleaded guilty to one count of conspiracy to gain unauthorized access to computers connected to the Internet and one count of identity theft, it said.
Each charge carries a maximum sentence of five years in prison. Sentencing was set for September 28.
"Computer hackers are exacting an increasing toll on our society, damaging individuals and organizations to gain notoriety for themselves," US attorney Paul Fishman said.
"Hacks have serious implications -- from the personal devastation of a stolen identity to danger to our national security," Fishman said.
"In the wake of other recent hacking attacks by loose-knit organizations like Anonymous and LulzSec, Daniel Spitler's guilty plea is a timely reminder of the consequences of treating criminal activity as a competitive sport," he said.
The Justice Department said Spitler had admitted to being a member of Goatse Security, a loose association of Internet hackers.
In June 2010, the hackers attacked AT&T servers and obtained email addresses and other personal information of around 120,000 iPad subscribers to AT&T's 3G service.
They included the email addresses of a number of high-profile iPad users including US business leaders, politicians and military officials.
"The magnitude of this crime affected everyone from high ranking members of the White House staff to the average American citizen," FBI Newark special agent Michael Ward said. "It's important to note that it wasn't just the hacking itself that was criminal, but what could potentially occur utilizing the pilfered information."
Using a script called an "iPad 3G Account Slurper," the Goatse hackers managed to obtain the number used to identify a subscriber on AT&T's network known as the ICC ID, which stands for integrated circuit card identifier.
Until the attack, AT&T automatically linked an iPad 3G user's email address to their ICC ID.