UDID breach: How to find out if your data’s been compromised

Macworld Australia Staff
5 September, 2012
View more articles fromthe author

If you’re worried about your data being part of over a million Apple device IDs that hacker collective AntiSec claims to have captured from the laptop of an FBI agent and subsequently published, a Melbourne company has created a secure tool to see if your devices were included.

You simply enter your Apple device IDs (UDIDs) into a search field at the Should I Change My Password site and hit the Check button. The site includes instructions on how to find out what your UDID is.

Avalanche Technology Group Chief Technology Officer Kevin Yank says that, unlike other such tools that have appeared online, “we do not store the list of leaked UDIDs on our servers (only secure fingerprints of those IDs), and the UDID you submit to us is encrypted with SSL for your privacy, and then immediately discarded”.

While the announcement by AntiSec – a group associated with Anonymous – seemed to imply that the leak was for a million iPhones, Yank says, Avalanche found the data actually contained a mixture of iPhone, iPad and iPod touch devices. The actual count of compromised devices published was 985,093 after Avalanche eliminated duplicate IDs from the list.

“Anonymous claims it posesses details for some twenty million devices, and that the original file includes sensitive data such as names, addresses and phone numbers,” Yank says. “If true, this means those details are now in the hands of Anonymous.

“Fortunately, this public leak contains only relatively insensitive data: your device’s unique identifier, its push notification service token, and the name of your device (as assigned in iTunes, or in your device’s General Settings – usually something like ‘Kevin’s iPhone’).”

Yank says that Avalanche’s Should I Change My Password is a service that helps you stay safe online by letting you know if your email address and password have been released by hackers.

“In over 12 months we’ve discovered over 13 million compromised email addresses and passwords,” he says. “We offer a free monitoring service for individuals called the Email Watch Dog that will alert you if and when your email address appears in a password leak.”

If you find your device was included in this leak, Yank says, your can take some comfort in the fact that your personal data hasn’t been released on the open web, but adds: “We’d certainly like to know how it ended up in that list. Anonymous claims the list came from an FBI laptop that some of its members hacked into; the FBI denies this.”



Leave a Comment

Please keep your comments friendly on the topic.

Contact us