User names, phone numbers, other data also allegedly leaked

[Update: FBI denies leaked data came from its equipment] A hacker group, Antisec, has released what it says is a list of one million iOS UDIDs pulled from an FBI notebook in March. The Dell Vostro reportedly belonged to Supervisor Special Agent Christopher K. Stangl from the FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team; his system was hacked using an AtomicReferenceArray vulnerability in Java, and during the attack Antisec says it downloaded a number of files, one of which was listed as "NCFTA_iOS_devices_intel.csv."

The group notes that the file in fact contained data on 12,367,232 iOS devices, including not just UDIDs but "user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.," although personal detail fields are said to have been empty in many cases. Why or how Stangl might've obtained the information is unclear, though since it's the sort of data app developers may have access to, that is one possible source. MacRumors claims that based on its own checks, the leaked UDIDs "appear to be legitimate."

UDIDs are used for a variety of purposes by Apple and third-party developers, and are nominally anonymous. Matched with other pieces of information, however, they can gradually build up a picture of a user, or in some cases even be matched to a person's real identity. For this reason, Apple has sometimes been under fire for continuing to rely on the UDID system.

Update: The FBI has issued a statement saying it "is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised, or that the FBI either sought or obtained this data."

by MacNN Staff