By now, many of you probably know about last week’s AntiSec hack. The group claimed to have stolen 12 million Apple UDIDs – 1 million of which were posted to Pastebin – from the computer of an FBI agent. At the time, the FBI said that it didn’t have any involvement in the hack, and that AntiSec had made the whole story up. While that seemed like just an FBI attempt to distance itself from the breach, it turns out that the FBI was telling the truth – at least when it comes to whether or not the information was stolen from an FBI computer.
NBC News has reported on the real victim of the breach: publishing company BlueToad, which operates out of Florida. CEO Paul DeHart says that the information Anonymous shared last week was stolen from BlueToad’s servers two weeks ago, and that the company came to this conclusion by comparing the stolen information to its own collection of UDIDs. The result? 98% of the data matched up, which leads DeHart to believe that the data originally came from his company’s servers.
“That’s 100 percent confidence level, it’s our data,” DeHart said. “As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.” BlueToad has since posted a statement about the breach to its blog, apologizing about the information getting loose. DeHart didn’t give much more information about the breach, saying that an investigation is still ongoing.
It sounds like BlueToad has quite a few UDIDs in its database, too – though you probably don’t recognize the name, the company provides app building services for 6,000 other publishers. This realization seems to mesh well with statements made by both the FBI and Apple last week. When the data was leaked, the FBI claimed that it didn’t come from any of its computers and Apple insisted that it wasn’t sharing UDIDs with the organization. As a publisher, on the other hand, BlueToad would have access to those UDIDs, though DeHart admits that the stolen information could have made it onto FBI computers in the time since the breach.
Still, even if that information was taken from an FBI computer, it seems that it didn’t originate there. The good news is that BlueToad, at the request of Apple earlier this year, stopped storing UDIDs, and updated its apps so they would stop collecting the information. Stay tuned for more on this rather strange story, as more information will likely develop in the coming days.