source

AntiSec, short for anti-security, claims they stole 12 million Apple iOS device Unique Device Identifiers (UDIDs) by breaching FBI security. The group released a million of them on a website. AntiSec alleges they had a computer belonging to a FBI agent to gain access “to a file containing the list of the Apple IDs”. The online posting “did not identify the agent or who the ID numbers belonged to.” [1]

AntiSec said that they chose to only “release a portion of the Apple IDs list to get people’s attention to its claims that the FBI is gathering people’s Apple device details.” In the note that AntiSec posted online, AntiSec said they have learned that people do not pay attention when one says, “hey, FBI is using your device detail.” The AntiSec group claims that a portion of the devices on the list contains names, telephone numbers, addresses, and ZIP codes, but they chose to only reveal the user IDs, device types, and device names in the portion of the list it released. [1]

This information could cause lot of problems for Apple devices owners since their personal and contact information is tied to their device’s UDID. A CNET article states that the online posting “says the group posted the data out of suspicion the FBI was using the UDIDs for nefarious purposes, such has people tracking, as well as to protest the use of UDIDs in general” [2]. A lot of the personal data was removed before posting the IDs online, but the hacker group left enough data for “ ‘a significant amount of users’ to search the list for their devices” [3].

Even though you can use a tool like they one developed by the TNW tech team [3], there is little to nothing a device owner can do to protect their information or have their device information removed from the list. Users cannot change their UDID “the way you can change a password” [4].

In our society today, protection of private information is crucial. However, security protocols have to be continuously updated. Data leaks like this can scare individuals because they do not know what the outcome of the data leak will be. With incidents such as LinkedIn passwords being compromised [5]; 350,000 UNC Charlotte students’ social security numbers exposed in a data breach [6]; Yahoo, Gmail, and AOL passwords being leaked [7]; and countless other information exposures, more users are aware that their information is not as safe as what many people believe. As stated above, data breaches and information leaks can and have happened to other companies, not just Apple.

Sources:
[1] http://www.latimes.com/business/technology/la-fi-tn-apple-iphone-udid-fbi-antisec-20120904,0,5194351.story
[2] http://news.cnet.com/8301-1009_3-57505330-83/antisec-claims-to-have-snatched-12m-apple-device-ids-from-fbi/
[3] http://thenextweb.com/apple/2012/09/04/antisec-hackers-leak-1000001-apple-device-ids-allegedly-obtained-fbi-breach/
[4] http://lifehacker.com/5940197/1-million-apple-device-ids-leaked-12-million-total-stolen
[5] http://news.cnet.com/8301-1009_3-57448465-83/linkedin-confirms-passwords-were-compromised/
[6] http://www.wbtv.com/story/18245250/unc-charlotte-350000-social-security-numbers-exposed-during-internet-breach
[7] http://mashable.com/2012/07/12/yahoo-voices-hacked/

Mashable’s article titled “38% of us Would Rather Clean a Toilet Than Think of New Password” reports that login credentials and site authentications are a hassle for many people.  In a recent Harris Interactive poll, “some 38% of us think attempting to solve world peace would be a more manageable task than trying to deal with yet another set of login credentials.”  All of this hassle makes it easier for hackers to gain access to our online accounts because we tend to either use to same passwords for multiple accounts or we forget our passwords. [1]

I find it difficult to create and remember every password for every online account that I have.  For each site that I visit, there are different sets of password rules. The rules dictate how many characters I can use; if the characters are upper case, lower case, or a mixture of both; whether or not numbers are allowed; what symbols are allowed; if a password history restriction exists; etc.

After getting all of the password rules and restrictions straight in my head, I have to come up with the most secure password that I can think of and remember. I try not to use all dictionary words.  Words found in a dictionary do not make a strong password [3]. Many times, people try to substitute numbers in for letters; Lifehacker points out that password hackers are able to isolate patterns and get around our “clever password trick” [2].

In addition to developing a secure password, Google suggests that in order to keep your passwords secure that you never write them down, do not tell anyone your password, and change it often [3].  A service called LastPass allows you to create one strong password for your LastPass account. LastPass claims that your LastPass account password is “the last password that you’ll have to remember” [4].  When you need a new password for an online account, LastPass generates a random password for you and stores it in your account.  This service is great until a hacker cracks the password to your LastPass account.

Keeping accounts secure is essential in the age we live in.  Individuals and corporations have sensitive information that lives online.  It is imperative that this information stays out of the hands identity thieves, hackers, criminals, etc.

How secure are your passwords?

Sources:
[1] http://mashable.com/2012/08/23/password-overload/
[2] http://lifehacker.com/5937303/your-clever-password-tricks-arent-protecting-you-from-todays-hackers
[3] http://support.google.com/calendar/bin/answer.py?hl=en&safe=on&ctx=tip&answer=37053
[4] https://lastpass.com/