Hacker group leaks 1 million Apple device IDs from FBI breach

By , Sep 4, 2012

Earlier this year, Apple started rejecting applications that called on unique device identifiers (or UDIDs). The move came amidst privacy and security concerns, as several apps were found to be misusing the information.

Tonight, those concerns multiplied as the hacking group known as AntiSec announced that it had acquired more than 12 million device IDs from a recent FBI hack. And they’ve just released a million of them…

TheNextWeb points to the report on Hacker News:

“During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of ”NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.”

Of the 12.3 million Apple device IDs discovered, AntiSec only published a million or so to call attention to the issue. They say they’ve deleted most of the personal data from the file, but left enough so users could look to see if their devices were listed or not. MacRumors says that it has confirmed that the UDIDs are legitimate.

So, should we be worried? Not necessarily. Outside the main question of “what in the world is the FBI doing with a list of more than 12 million UDIDs,” there’s not much at risk here. Generally, UDIDs are harmless by themselves. But if the conditions are right, they can be linked to things like Facebook and Twitter accounts.

The hackers finish their rant by saying “We never liked the concept of UDIDs since the beginning indeed. Really bad decision from Apple. fishy thingie” — echoing the thoughts of several other security experts in the Apple community. It’ll be interesting to see what comes of this leak, and if Apple or the FBI will have anything to say.

Ok conspiracy theorists, why do you think the FBI had a list of UDIDs?

  • Share:
  • Follow:
  • Kok Hean

    Soon.

  • http://twitter.com/bensge benno

    UDIDs aren’t exploits

    • christodouluke

      Huh? Is this a reply to someone? Who said they were?

  • http://twitter.com/myorangeisstuck willie

    They just want to upgrade to ios 6 beta. Nice try

  • http://www.facebook.com/luisreyespr Luis

    Such a long process to search for a specific UDID. Maybe other time ill check it out to see if im there :O

    • http://twitter.com/newyorkminute10 NEWYORKMINUTE10

      Where are they hosted? Link?

  • http://www.facebook.com/brent.bevear Brent Bevear

    Fucking FBI.

  • http://twitter.com/int3nsive Int3nsive

    The lack of FBI security is too damn high..

    • EpicFacepalm

      We call that Windowns And Maxucks ;)

  • Zorvage

    Where can I find a DL link?

    • Diego

      Just save as link from the .TXT file.

  • UZMAN NALEER

    illuminati

  • http://www.youtube.com/Tr1pTr0p Tr1pTr0p

    There is no privacy in the land of the free.

  • Diego

    mine is safe, not on the list