App company admits to being the source of Apple UDID leak

A Florida-based app publishing company called BlueToad has claimed it was the source of the Apple UDID leak, contradicting claims from Anonymous that it hacked them from an FBI laptop.

"A little more than a week ago, BlueToad was the victim of a criminal cyber attack, which resulted in the theft of Apple UDIDs from our systems. Shortly thereafter, an unknown group posted these UDIDs on the Internet," BlueToad CEO Paul DeHart wrote on the company’s blog.

Speaking to NBC News, DeHart said data released by Anonymous closely matched data held on one of the company’s databases. DeHart believes Blue Toad was hacked several weeks ago.

"As soon as we found out we were involved and victimised, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this," he told NBC News.

He apologised to those whose data was stolen, adding that an investigation is underway into the exact circumstances.

As an app developer and publisher BlueToad would have access to Apple Unique Device Identifiers (UDIDs). Every device running iOS has one as they are used by app developers and advertisers to track user behaviour.

Earlier this month Anonymous leaked one million UDIDs out of about 12 million it claimed to posses. It said it had hacked the data from a laptop belonging to an FBI agent as it wanted to publicly expose the monitoring and tracking by US government agencies such as the FBI.

However the FBI was quick to deny it was the source of the data, saying in a statement that it could find, "no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

Apple also denied handing over the information to the FBI. It is also phasing out the use of UDIDs, partly

There has been no response yet from the usual Twitter accounts connected to Anonymous. However one thing is clear: the dates do not match up. Anonymous said the information was hacked back in March but BlueToad believes its data breach occurred within the last two weeks.

DeHart admitted that it is possible the data had been shared by whoever stolen it from BlueToad and found its way onto an FBI laptop.

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up