This article was published on September 4, 2012

FBI says there is no evidence hackers grabbed UDIDs from them, or that they even had the data


FBI says there is no evidence hackers grabbed UDIDs from them, or that they even had the data

The FBI has issued a statement saying that there is no evidence that hackers managed to grab a database of some 12 million unique device identifiers at all. The statement, issued to All Things D, goes as far as to say that there is no evidence that the FBI even gathered such data.

The statement:

The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

AntiSec claims that the data on the laptop, allegedly that of an FBI agent, contained some 12 million UDIDs and a patchy array of other bits of info like phone numbers and more. The group leaked 1M of those IDs earlier this morning, along with details of how they say they came across them.

The FBI’s press office followed up with this tweet:

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

Triggering a response from the AnonymousIRC Twitter account:

The Next Web has created a tool for you to check to see if your UDID is in that batch, though if what AntiSec says is true, it has millions more. Apple has sold over 350M iOS devices to date, each one with its own static UDID that is used by ad networks and other services to track your device, much like a cookie in a web browser.

The database has turned up positive matches for UDIDs, so the 1M numbers released appear to be valid in some form, regardless of where they came from.

There is no inherent danger in your information being out there, even your UDID. But there are some possibilities for malicious use due to the sloppy handling of the UDID by some developers, who associate it with other personal info. Apple has been trying to get them to stop using this identifier for over a year now.

The biggest question surrounding this issue, of course, is why the FBI was collecting this information, or where it obtained it from. If the statement from the FBI is accurate, then it may never have had it in the first place. Then the question becomes where exactly did AntiSec get the database?

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Published
Back to top