Hacker Group Steals Millions of Apple Device ID’s


AntiSec, short for anti-security, claims they stole 12 million Apple iOS device Unique Device Identifiers (UDIDs) by breaching FBI security. The group released a million of them on a website. AntiSec alleges they had a computer belonging to a FBI agent to gain access “to a file containing the list of the Apple IDs”. The online posting “did not identify the agent or who the ID numbers belonged to.” [1]

AntiSec said that they chose to only “release a portion of the Apple IDs list to get people’s attention to its claims that the FBI is gathering people’s Apple device details.” In the note that AntiSec posted online, AntiSec said they have learned that people do not pay attention when one says, “hey, FBI is using your device detail.” The AntiSec group claims that a portion of the devices on the list contains names, telephone numbers, addresses, and ZIP codes, but they chose to only reveal the user IDs, device types, and device names in the portion of the list it released. [1]

This information could cause lot of problems for Apple devices owners since their personal and contact information is tied to their device’s UDID. A CNET article states that the online posting “says the group posted the data out of suspicion the FBI was using the UDIDs for nefarious purposes, such has people tracking, as well as to protest the use of UDIDs in general” [2]. A lot of the personal data was removed before posting the IDs online, but the hacker group left enough data for “ ‘a significant amount of users’ to search the list for their devices” [3].

Even though you can use a tool like they one developed by the TNW tech team [3], there is little to nothing a device owner can do to protect their information or have their device information removed from the list. Users cannot change their UDID “the way you can change a password” [4].

In our society today, protection of private information is crucial. However, security protocols have to be continuously updated. Data leaks like this can scare individuals because they do not know what the outcome of the data leak will be. With incidents such as LinkedIn passwords being compromised [5]; 350,000 UNC Charlotte students’ social security numbers exposed in a data breach [6]; Yahoo, Gmail, and AOL passwords being leaked [7]; and countless other information exposures, more users are aware that their information is not as safe as what many people believe. As stated above, data breaches and information leaks can and have happened to other companies, not just Apple.

[1] http://www.latimes.com/business/technology/la-fi-tn-apple-iphone-udid-fbi-antisec-20120904,0,5194351.story
[2] http://news.cnet.com/8301-1009_3-57505330-83/antisec-claims-to-have-snatched-12m-apple-device-ids-from-fbi/
[3] http://thenextweb.com/apple/2012/09/04/antisec-hackers-leak-1000001-apple-device-ids-allegedly-obtained-fbi-breach/
[4] http://lifehacker.com/5940197/1-million-apple-device-ids-leaked-12-million-total-stolen
[5] http://news.cnet.com/8301-1009_3-57448465-83/linkedin-confirms-passwords-were-compromised/
[6] http://www.wbtv.com/story/18245250/unc-charlotte-350000-social-security-numbers-exposed-during-internet-breach
[7] http://mashable.com/2012/07/12/yahoo-voices-hacked/

Leave a Reply