UDID's leaked by Anonymous belonged to Florida publishing company, not the FBI

UDID's leaked by Anonymous belonged to Florida publishing company, not the FBI

Not too long ago, hacker Anonymous claimed to have stolen over 12 million UDID's from a hacked FBI laptop. While the FBI and Apple denied the claims, no one was sure where the data actually came from. Blue Toad, a small publishing company in Florida, has stepped forward saying the data was most likely stolen from them.

Paul DeHart, CEO of Blue Toad publishing company, has come forward and stated that they believe the data was actually stolen from them about 2 weeks ago which does not match up with Anonymous stating that the data was stolen back in March.

After they ran the data through their own list of customer UDID's and information, there was a 98% correlation between their data and the leaked data.

"That's 100 percent confidence level, it's our data," DeHart said. "As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.”

An outside researcher, David Schuetz, approached Blue Toad and DeHart after he had found that around 19 of the device UDID's leaked actually belonged to Blue Toad themselves, some of them appearing to be shared among employees. Among the data leaks, the name that a person had given to their iPhone, iPad, or iPod touch would also be given.

Schuetz said that after pouring over the information, he found numerous devices within the data which had names that included the phrase Blue Toad or variations of that, such as “Blue Toad support.” Some of the gadgets’ names also suggested they belonged to various departments within Blue Toad and were shared among multiple employees.

“What I was seeing was that there were-- of the million devices that were in there -- there were a few devices that showed up multiple times with themes that were related to Blue Toad,” he said. “By the time I was done, late Tuesday night, I think I had 19 devices that … all belonged to Blue Toad.,” he said. He contacted the company soon after.

DeHart has said that Blue Toad won't be individually contacting users that were affected but instead leaving it up to individual content providers and publishers to contact individuals if they see a need for it.

Source: NBC

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Allyson Kazmucha

Senior editor for iMore. I can take apart an iPhone in less than 6 minutes. I also like coffee and Harry Potter more than anyone really should.

More Posts



← Previously

Deal of the Day: 47% off the Seidio ACTIVE Case for The New iPad and iPad 2

Next up →

September 12 preview: Imagining Apple's new iPhone event

Reader comments

UDID's leaked by Anonymous belonged to Florida publishing company, not the FBI


A few interesting questions would be WHY did a small publishing company in Florida have 12 million UDID's in its possession to begin with, why was it on a device being passed around and how did it get compromised?

I'd assume they had them because of the apps and publishers they work with. This is how you'd handle subscriptions etc... Apple has deployed a new method but for a long time, subscriptions and in-app purchases were tied to your UDID. This isn't uncommon. that's why when you got a new device or added a new one, you'd have to restore the purchase with your Apple ID. You still have to do this but it uses a new process instead the UDID as long as the developer is using the newer method.