App publisher admits it was source of UDID data breach

Macworld Australia Staff
11 September, 2012

A Florida digital publishing company, BlueToad, has taken responsibility for the leak of a million Apple iOS device UDIDs, with the app developer admitting it was the source of the data released last week by hacker group AntiSec.

Speaking on NBC News, BlueToad CEO Paul DeHart said a comparison between his company’s data and the leaked UDIDs showed a “98 percent correlation”.

“That’s 100 percent confidence level, it’s our data,” DeHart told NBC News. “As soon as we found out we were involved and victimised, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.”

Apple responded to BlueToad’s statement, informing NBC News that “as an app developer, BlueToad would have access to a user’s device information such as UDID, device name and type”.

The incident occurred last Thursday, when hackers released the UDIDs of a million Apple iOS devices, claiming the data was sourced from an FBI laptop as proof the FBI were spying on the American population.

However, the FBI and Apple were quick to counter the claims. The FBI stated that “at this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data”.

Apple denied providing the FBI with the information and confirmed the end for UDIDs in the upcoming launch of iOS 6.

“The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organisation. Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID,” Apple told AllThingsD.

BlueToad, based in Florida, issued a statement on the company website following the NBC News interview, apologising for the security breach.

“We sincerely apologise to our partners, clients, publishers, employees and users of our apps. We take information security very seriously and have great respect and appreciation for the public’s concern surrounding app and information privacy.”

“BlueToad does not collect, nor have we ever collected, highly sensitive personal information like credit cards, social security numbers or medical information. The illegally obtained information primarily consisted of Apple device names and UDIDs – information that was reported and stored pursuant to commercial industry development practices.”
