Hacking group AntiSec has released over 1 million Apple Unique Device Identifiers allegedly obtained from an FBI laptop.
AntiSec claims to have over 12 million UDIDs, along with user names, device names, phone numbers and addresses.
The group issued the following statement describing how the data was obtained:
“During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.”
UDIDs on their own are relatively harmless, the privacy risks come from these IDs being used across apps and ad networks to piece together the interests of the users. It has been reported in the past that by leveraging existing networks, information and, on rare occasions, login access can be obtained from UDIDs.
Want to receive up-to-the-minute tech news straight to your inbox? Then click here to sign up for the completely free PCR Daily Digest and Newsflash email services. You can also follow PCR on Twitter and Facebook.