Open Source Subnet An independent Open Source community View more

Anonymous stole Apple UDIDs from BlueToad, not the FBI

BlueToad CEO Paul DeHart admitted in an NBC News interview that the data came from his company's database. The AntiSec hackers who dumped the UDIDs originally claimed they were stolen from an FBI laptop.

In an exclusive interview with NBC NewsPaul DeHart, CEO of publishing company BlueToad, said an independent comparison between the Apple iPhone and iPad unique device identification (UDID) numbers dumped by Antisec hackers last week and the UDIDs stored in Blue Toad's database returned a 98% match.

As a result, DeHart says he is 100% confident that the leaked information was stolen from his company. The admission also vindicates the FBI, from which the hackers claimed to have stolen a total of 12 million UDIDs.

RELATED: Did AntiSec snag Apple UDID list from FBI laptop via Java 0day exploit?

How to find out if your iPhone or iPad UDID has been compromised

According to the NBC News report, DeHart says BlueToad was initially contacted by researcher David Schuetz about the correlation between the Antisec-affiliated data dump and his company's database. From there, BlueToad found that it had lost UDID numbers in the past two weeks, DeHart told NBC News.

"As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this," DeHart told NBC News.

The admission, commendable in its own right, puts a week-long debate to rest. The day after the hackers published the Pastebin post that contained the data, along with ideological ramblings about privacy rights and claims that the information was stolen from an FBI laptop, the FBI declared that the accusations were "totally false." Still, with the possibility lingering and Anonymous hackers risking the collective's reputation on the claim, some speculated that the FBI may have been covering it up.

Anonymous has yet to make any statement since the Pastebin post was published last Monday.

With the admission, BlueToad quickly became the target of privacy and data collection questions Apple and the FBI had to answer after the allegations first arose. The FBI reiterated that it never had the data in the first place, while Apple maintained that it, if the FBI had obtained the data, Apple did not hand it over voluntarily.

However, Apple spokeswoman Trudy Mullter told NBC News that it comes as no surprise that BlueToad had access to UDID numbers.

"As an app developer, BlueToad would have access to a user's device information such as UDID, device name and type," Apple spokeswoman Trudy Mullter told NBC News. "Developers do not have access to users' account information, passwords or credit card information, unless a user specifically elects to provide that information to the developer."

In addition to coming forward, DeHart apologized on behalf of his company. BlueToad, however, will not be contacting individual users if their UDID was among those leaked, DeHart says. That will be undertaken by individual publishers the company works with.

In the meantime, here's how to find out if your Apple UDID number was among those leaked.

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies