Tuesday, September 4, 2012

One million Apple device IDs reportedly dumped after alleged FBI breach


One million Apple device IDs reportedly dumped after alleged FBI breach


A file reportedly containing 1,000,001 iPhone and iPad identification numbers has beenposted on Pastebin, with hackers claiming to have stolen the data from a laptop belonging to an FBI agent. The poster claims to be in possession of a full file containing 12 million unique device identifiers (UDIDs), as well as personal data including "full names, cell numbers, addresses, zipcodes," though this information was redacted in the released sample. The data was posted under the Operation AntiSec banner, associated with hacktivist groups such as Anonymous and LulzSec.
According to the Pastebin post, the file was originally taken from a Dell Vostro laptop owned by Supervisory Special Agent Christopher K. Stangl — the attackers reportedly used a vulnerability in Java to gain access to the machine. The supposed name of the file in question, "NCFTA_iOS_devices_intel.csv," indicates a connection with the National Cyber-Forensics & Training Alliance, an intelligence-sharing organization dedicated to tackling cybercrime. The apparent incompleteness of the information suggests that it came from an app developer, or group of developers, rather than Apple itself.
The Next Web has put up a tool allowing users to check whether or not their UDID was included in the dump. As investigation into the incident continues, it will be intriguing to see if any correlations emerge between users — particularly, whether any link can be identified between using a particular app and appearing on the list. We'll update this post with any further information as it comes in.

No comments:

Blog Archive