Hacker Claims To Have Stolen 12 Million iPad And iPhone Apple Device IDs And Posts A Million Of Them To Prove It

Tuesday, September 04, 2012 17:17
Hacker Claims To Have Stolen 12 Million iPad And iPhone Apple Device IDs And Posts A Million Of Them To Prove It

Tags: privacy; security

A hacker has published more than a million Apple Unique Device IDs (UDIDs) and claims to have an additional 11 million device IDs along with the personal information associated with them.  

This Website Is For Financial Professionals Only

A UDID is the Unique Device Identifier for iOS devices. It's essentially the serial number of every iPhone, iPod, and iPad, says Gizmodo.


"While it's still plenty disconcerting that 'user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.' are out there,"  according to Gizmodo, "there's nothing in it (specifically, email addresses and passwords) that could upend your digital life."


The hakcer group, which calls itself "AntiSec," is reportedly connected with Anonymous, wihch is known for hacktivism. AntiSec's claim that it hacked the UDID data from an FBI agent's laptop computer has raised questions across the Web about why the FBI possessed a list of 12 million UDIDs and associated personal data. 


"We decided we'd help out Internet security by auditing FBI first," AntiSec says in a posting reportedly released Sunday on PasteBin.com announcing the breach.
AntiSec's posting gives instructions on how to download the 1,000,0001 user IDs. The posting also says names, cell phone  numbers, addresses and other associated data in the file were "trimmed."
In addition, the posting claims, the group obtained the Applie IDs by hacking into a computer owned by a an FBI agent in New York assigned to investigate cybercrime. The FBI has issued a statement denying the data was hacked from one of its agent's computers.
While it is indeed certain that AntiSec has published one million UDIDs, there is no definitive way of verifiying its claims to have 11 million more UDIDs and the additional personal information -- names, cell numbers, etc -- connected to the UDIDs.   
Check if your Apple ID was on the list using this tool from The Next Web.
Changing your password to your Apple ID is a good idea if your UDID is on the list of one million published UDIDs. If you use the same password on other websites, change passwords on those accounts as well.
AntiSec, which seems to have a sense of humor, strangely demanded that a reporter for Gawker post a picture of himself wearing a tutu and a sneaker on his head before they would give any press interviews about the Apple attack. 
A new era of Internet security has begun. If hacks like these can sucessfully get personal data on millions, expect security to tighten up on everything you do on the Web over the next couple of years. 

More news about this hack

Comments (4)

Security Consultant: The Apple UDID leak is a privacy catastrophe http://bit.ly/RjatOQ
agluck , September 05, 2012
I know of an individual who knows "that world" pretty well, and you'd be very surprised about what other information the FBI and other government agencies have that they arguably shouldn't. And, no this isn't just some conspiracy theory.
a guest , September 05, 2012
Across the Web, comments like yours are prevalent. At NYT, Verge, TechCrunch, and all over, people are cynical about the FBI's claim. That's a victory for AntiSec. If indeed AntiSec has 12 million UDIDs and associated personal data, and if it can substantiate claims to have hacked it from an FBI computer, this would be a watershed.
agluck , September 05, 2012
We are going to see a significant increase of hacker attacks on Apple. In the past Apple was less of a target as they had a strong following and a lower market share. Apple users should start using security suites (anti-virus, Firewall, etc..) to make certain they are less vulnerable.
BrianEdelman , September 18, 2012

Write comment

You must be logged in to post a comment. Please register if you do not have an account yet.