Apple UDID Leak Due To Small App Company Failure, Not FBI’s

Apple’s latest leak of millions of customer information is attributed to a small app company. Last week, AntiSec, an offshoot from Anonymous, claimed to have breached an FBI agent’s laptop and managed to steal a significant number of Unique Device Identifiers or UDIDs. About a million of the said stolen information was posted online but the FBI denied that the laptop of one of its agents was ever accessed illegally.

In an announcement, Blue Toad CEO Paul DeHart said that his company started to initiate an investigation right after customer information were posted online by the hacker group.

A post from AntiSec at the time boasted that an FBI agent’s laptop was hacked resulting to the online leak. The hackers claimed to have stolen more than 12 million IDs, together with some other information like billing addresses, names, and cell phone numbers.

Apple, after taking hits from security experts and the public alike, strongly denied ever giving any such information to the FBI or to any other organization.

DeHart said that after the identifiers were leaked, his company right away determined that they are the source. Apple and the FBI were promptly notified by BlueToad. The company then hired a third party security firm to check into its systems to ward off further attacks.

UDIDs are innocuous on their own but, paired with other information like names or billing addresses, they can be a security weakness for customers with lower security protection levels.

BlueToad’s CEO said: “We still have other apps that haven’t been updated but with the urgency of all this, we have discontinued the use of those.” The comment followed right after BlueToad knew its system was compromised, and obviously as an explanation for the public why it has those information.

“We don’t store any other information that would rise to any other sensitive level, no Social Security numbers or any sort of medical information,” DeHart declared.

DeHart also clarified that only 2 million IDs were stolen, in contrast to the previous claim of AntiSec’s 12 million.

BlueToad’s CEO assured the public that the leak posed low risk in creating harm to customers although his company is still taking all needed steps to ensure that the incident will not happen again.

BlueToad, a small company based in Orlando, employs about 30 workers and the company’s signature can be seen on over 100 million page views every month. It works with more or less 6,000 publishers to convert their content on several types of devices.

source: cnn