root@dafthack:~#‎ > ‎

AntiSec Releases 1 Million Apple UDIDs

posted Sep 4, 2012, 1:22 PM by Beau Bullock   [ updated Sep 10, 2012, 1:24 PM ]
Today the hacker collective known as AntiSec released a post on Pasteb
in announcing t
hat they have
successfully hacked a Dell Vostro laptop being used by an FBI agent. Allegedly the FBI agent was breached using the AtomicReferenceArray vulnerability in Java. One of the files found on the laptop was titled "NCFTA_iOS_devices_intel.csv". Antisec has stated that this file contains a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.
AntiSec Pastebin post: http://pastebin.com/nfVT7b0Z
Check to see if your Apple device was amongst the 1 million UDIDs released: http://thenextweb.com/apple/2012/09/04/heres-check-apple-device-udid-compromised-antisec-leak/
 
UPDATE: The FBI has made a formal statement about this event stating that the claims are false.  They say they do not have any evidence that a laptop was hacked nor were there any files containing UDIDs on said laptops.  A security researcher, Peter Kruse says he was able to find his own iPhone, and two iPads stored within the database of UDIDs.  It is now very uncertain where the data came from, if it contains 12 million real UDIDs, or if the FBI agents laptop was actually hacked.  Here is the response from AntiSec to the posting by the FBI's Press Office on Twitter:
 
Another interesting post made by @AnonymousIRC states that if you find your UDID in the data drop to check your installed apps.  It would seem that a common app may be where the UDID/personal information was pulled from.
 
 
UPDATE 2:
Now a small Florida publishing company called “Blue Toad” has come forward saying the stolen UDID’s came from their own database.  They had a forensic analyst come in and they found that the data was stolen in the last two weeks or so.  I’m curious why AntiSec thought that they would be able to make it look like the FBI was hacked… I guess they thought no one would find out where the data actually came from.
Comments