AAPL Stock: 117.19 ( -1.11 )

Printed from

Publisher BlueToad says it was true source of UDID leak

updated 01:41 pm EDT, Mon September 10, 2012

Points to 98 percent match with stolen data

An app-based publishing company, BlueToad, was the real source of the one million UDIDs leaked to the Internet last week, NBC reports. The company's CEO, Paul DeHart, says that technicians downloaded the list and compared it to an internal database, and found that the two matched up 98 percent. "That's 100 percent confidence level, it's our data," he states. "As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this."

DeHart comments that BlueToad decided to check when an outside researcher, David Schuetz, approached the company and suggested the link, pointing to multiple references to the firm in the data. During the investigation, the company's analysis suggested that the list was stolen "in the past two weeks." That could conflict with AntiSec's claim that the UDIDs were pulled from an FBI agent's notebook in March. Both Apple and the FBI have denied AntiSec's version of events, although Schuetz says he can't confirm the lack of an FBI connection.

An Apple spokeswoman, Trudy Muller, has already issued a new statement. "As an app developer, BlueToad would have access to a user's device information such as UDID, device name and type," she says. "Developers do not have access to users' account information, passwords or credit card information, unless a user specifically elects to provide that information to the developer."

DeHart says that BlueToad won't be contacting individuals to let them know their data was leaked; instead, the choice to share is being left up to the content publishers that represent BlueToad's client base. In the meantime people can check to see if their UDIDs were exposed through various third-party tools, such as Dazzlepod's.

The CEO suggests that there isn't much threat to the leak, and simply recommends that people upgrade any apps they have, since BlueToad has stopped using UDIDs and newer versions of its apps don't collect the data. Apple itself is phasing out UDIDs; a replacement will take effect with iOS 6, and eventually developers will be banned from using the old system. Security researcher Aldo Cortesi contests DeHart's position, pointing out that UDIDs can potentially be used to gain access to online accounts and contact lists, and with some work, to discover a person's real identity.

by MacNN Staff



  1. The Vicar

    Junior Member

    Joined: 07-01-09

    Okay, wonderful, it wasn't Apple or the FBI.

    Nevertheless, this is kind of worrisome: what this says is "in order for UDIDs not to be a security issue, every software publisher whose work you use has to avoid being hacked". That isn't terribly helpful.

  1. Steve Wilkinson

    Dedicated MacNNer

    Joined: 12-19-01

    In other words, not a big deal.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented