App company admits to being the source of Apple UDID leak

Security

by Steve Evans| 11 September 2012

BlueToad was hacked, contradicting Anonymous claims over FBI data breach


A Florida-based app publishing company called BlueToad has claimed it was the source of the Apple UDID leak, contradicting claims from Anonymous that it hacked them from an FBI laptop.

"A little more than a week ago, BlueToad was the victim of a criminal cyber attack, which resulted in the theft of Apple UDIDs from our systems. Shortly thereafter, an unknown group posted these UDIDs on the Internet," BlueToad CEO Paul DeHart wrote on the company's blog.

Speaking to NBC News, DeHart said data released by Anonymous closely matched data held on one of the company's databases. DeHart believes Blue Toad was hacked several weeks ago.

"As soon as we found out we were involved and victimised, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this," he told NBC News.

He apologised to those whose data was stolen, adding that an investigation is underway into the exact circumstances.

As an app developer and publisher BlueToad would have access to Apple Unique Device Identifiers (UDIDs). Every device running iOS has one as they are used by app developers and advertisers to track user behaviour.

Earlier this month Anonymous leaked one million UDIDs out of about 12 million it claimed to posses. It said it had hacked the data from a laptop belonging to an FBI agent as it wanted to publicly expose the monitoring and tracking by US government agencies such as the FBI.

However the FBI was quick to deny it was the source of the data, saying in a statement that it could find, "no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

Apple also denied handing over the information to the FBI. It is also phasing out the use of UDIDs, partly

There has been no response yet from the usual Twitter accounts connected to Anonymous. However one thing is clear: the dates do not match up. Anonymous said the information was hacked back in March but BlueToad believes its data breach occurred within the last two weeks.

DeHart admitted that it is possible the data had been shared by whoever stolen it from BlueToad and found its way onto an FBI laptop.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

755 people like this.
0 people follow this.

Security Intelligence

Buy the latest industry research online today!
See more

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.