BlueToad: We're the real source of Apple UDIDs leaked by AntiSec

By Lee Kaelin on

BlueToad, a Florida-based digital publishing firm, announced today that the one million stolen Apple Unique Device Identifiers (UDIDs) published by AntiSec hackers last week were taken from its servers two weeks ago, and are not part of an FBI snooping project.

David Schuetz, a researcher for New York mobile device security consultant Intrepidus Group, approached BlueToad last week to inform them that they might be the source of the iPhone UDID leak, after finding multiple references to their firm in the device strings of the database published by the hackers.

In response, BlueToad's technicians analyzed the database online and compared it to their version, finding a 98% match between the two. Further research revealed that the data had been stolen in the past two weeks, though more details weren't given as the investigation is ongoing.

BlueToad CEO Paul DeHart is convinced that the leaked database was stolen from his firm's servers, though he notes that the hackers definitely didn't make away with the full 12 million UDIDs they originally claimed to have swiped. "As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this," DeHart said.

Anonymous claimed they stole the information from a federal agent's laptop through a Java vulnerability and the database was uploaded to the Internet purely to highlight the FBI's alleged tracking of Apple devices. The FBI was quick to deny this, saying, "there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

DeHart concedes this still may have happened. Although he's certain the data came from BlueToad's servers, it could have theoretically landed on an FBI agent's laptop where it was eventually swiped.

"We decided to come forward to apologize to our customers, partners and the public in general that this got out there," DeHart said to the New York Times. "We face thousands of attacks every day that we've been successful at defending. This one happened to get through."

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.