Skip to: Content
Skip to: Site Navigation
Skip to: Search


Horizons

Massive iPhone, iPad ID breach linked back to Florida company

A Florida company says it – and not the FBI – was the target of a breach last week.  

By Matthew Shaer / September 10, 2012

An Apple logo is reflected in the screen of an Apple iPad at an electronics store in Mumbai, India. Earlier today, BlueToad, a Florida company, said a database of iPad and iPhone IDs had been breached by hackers.

Reuters

Enlarge

Last week, AntiSec, a "hacktivist" group associated with Anonymous, released a trove of Apple Unique Device Identifiers, or UDIDs – digital bar codes for iPhones and iPads, basically. AntiSec said the UDIDs – it said it had 12 million in all – had been nabbed from the computer of an FBI agent. The FBI subsequently maintained that there was "no evidence" of a breach, and Apple said it hadn't coughed up the UDIDs to the FBI in the first place. 

Skip to next paragraph

Recent posts

So what was the real source of the leak? A small Florida digital publishing company called BlueToad, apparently. (The BlueToad site has been offline for hours, likely a result of all the press attention, so don't bother.) In interviews and statements today, BlueToad executives said they had found 98 percent correlation between the UDIDs on the AntiSec list and the UDIDs in its own files (hat tip to Ars Technica). 

According to CNN, BlueToad "works with 5,000 to 6,000 publishers to repurpose their content on various devices." Many of those devices are Apple devices, which explains why BlueToad had the UDIDs. But in a statement obtained by the AP, company president Paul DeHart said BlueToad would cease to use the codes altogether. He also stressed that his company did not have access to more specific user data. 

"BlueToad does not collect, nor have we ever collected, highly sensitive personal information like credit cards, social security numbers or medical information," DeHart said. "The illegally obtained information primarily consisted of Apple device names and UDIDs - information that was reported and stored pursuant to commercial industry development practices."

To receive regular updates on how technology intersects daily life, follow us on Twitter @venturenaut.

[Editor's Note: The Christian Science Monitor Weekly Edition is accessible on the iPad through a BlueToad app.]

Permissions

  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer

 

Doing Good

 

What happens when ordinary people decide to pay it forward? Extraordinary change...

Danny Bent poses at the starting line of the Boston Marathon in Hopkinton, Mass.

After the Boston Marathon bombings, Danny Bent took on a cross-country challenge

The athlete-adventurer co-founded a relay run called One Run for Boston that started in Los Angeles and ended at the marathon finish line to raise funds for victims.

 
 
Become a fan! Follow us! Google+ YouTube See our feeds!