Hacking group Antisec hasĀ releasedĀ a dump of 1 million unique identifiers, or UDIDs for short, from Apple iOS devices late last night. AntiSec is claiming the records came from a file found on an FBI laptop back in March of this year.
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no
other file on the same folder makes mention about this list or its purpose.
Wow. As said by AntiSec in their statement, the file contains over 12 million UDIDs along with bits of personal information and even push notification service tokes, but to make a point they simply released one million (1,000,001 to be exact) of those device UDIDs. The source of the data is not entirely clear at this time, but some speculate the data may originate from a developer. The question is, though, what is the FBI doing with that info?
You can view the full statement by AntiSec on Pastebin. If you’re interested in seeing if your device ID is one of the million that were leaked, The Next Web has put together a tool for you to check. Both of my iOS devices are in the clear and had no data leaked by the group.
UPDATE: In a statement to All Things D, a FBI spokesperson said the following:
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
They sadly got mine -_-
[...] hearing, last Tuesday an offshoot of Anonymous, AntiSec, posted one million iOS device UDIDs and claimed they came from the FBI. The FBI denied this, and it looks like they were telling the truth. Today a publishing company in [...]