Apple recently received some media flack for a UDID theft that Internet troublemaker, Anonymous, leaked to the public. Originally, the “hacktivist” group claimed that the 12 million Apple UDIDs (Unique Device Identifier) of iOS devices came from the FBI. The secretive investigation bureau quickly refuted that claim, and Apple made sure to let the world know that their hands were clean on the issue, too.
Today, the app publishing company that the UDIDs were stolen from has come forward to admit to the breach and apologize for the incident.
According to NBC News, Blue Toad Publishing was the company with the 12 million UDIDs that were released to the public by Anonymous. The Florida-based company’s CEO Paul DeHeart told NBC News that Blue Toad Publishing became aware of the news surrounding the stolen UDIDs. Although they didn’t think the theft pertained to them, an outside researcher named David Schuetz, suggested that the leaked device identifiers might, in fact be theirs. It turned out that the stolen data matched their own at a level of 98 percent.
“That’s 100 percent confidence level, it’s our data,” said DeHart. “As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.”
“This is a big deal for us as a company. Our credibility is on the line. This is something we take very seriously. Something we want to do is apologize to the user. Our technology has a very large footprint. Protecting the information that we gather for them is very important to us,” said DeHart.
DeHart also mentioned that Blue Toad Publishing used to collected user’s UDID information as part of “typical Apple protocol,” but noted that the company no longer collects UDIDs as part of its process. This change happened long before the device identifiers were stolen.
Schuetz, the researcher that discovered the connection between the stolen UDIDs and Blue Toad Publishing, also spoke to NBC News. He discovered the source of the data because the leaked information also included a name given to each gadget by its owner. There were a number of devices that included the name “Blue Toad,” enough to cause the Intrepidus Group researcher to connect the dots. “What I was seeing was that there were – of the million devices that were in there - there were a few devices that showed up multiple times with themes that were related to Blue Toad,” he said. “By the time I was done, late Tuesday night, I think I had 19 devices that … all belonged to Blue Toad.”
While there is still a possibility that whoever stole the UDIDs from Blue Toad Publishing gave or sold that information to the FBI and Anonymous really did find it in their files, but that is highly unlikely. It looks like the Internet tricksters FAILed to generate much sympathy with this antic.