Just last week, hacker group AntiSec posted a list of over one-million Apple UDID codes online. At the time, the group claimed the device identifying numbers were lifted from an FBI laptop. Now, it seems the codes may have actually been swiped from a database belonging to a small app developer in Florida.
Security analyst David Schuetz was intrigued by the proposition of all this data making its way into the hands of AntiSec. According to his blog (via Wired), Schuetz began to notice repeated factors in the list of number-strings unique to each Apple device.
“I had decided to look more closely at the most frequently repeated device IDs, on the theory that perhaps that would belong to a developer,” wrote Schuetz. “They’d naturally test multiple apps for their company, each of which should have a different device token.”
One name kept reappearing: BlueToad.
Focused on creating digital-edition publishing apps, BlueToad has essentially confirmed its belief the IDs came from the company’s database. Speaking to NBC News, Blue Toad CEO Paul DeHart said there is a 98-percent similarity between the two sets of data.
“As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this,” said DeHart.
The claims waged by AntiSec — that the codes were stolen from the FBI — may not be totally true. But that’s not to say the accusation is totally without merit. Depending on how the UDID set was originally leaked from BlueToad, it’s wholly possible the data could have ended up on an FBI laptop.
The FBI, as well as Apple, denied any knowledge of the incident last week. BlueToad will not contact potentially compromised users directly, instead referring that responsibility to the media companies BlueToad contracts with.