Massive iPhone, iPad ID breach linked back to Florida company

A Florida company says it – and not the FBI – was the target of a breach last week.  


Last week, AntiSec, a "hacktivist" group associated with Anonymous, released a trove of Apple Unique Device Identifiers, or UDIDs – digital bar codes for iPhones and iPads, basically. AntiSec, which said it had 12 million UDIDs in all, claimed they had been nabbed from the computer of an FBI agent. The FBI subsequently maintained that there was "no evidence" of a breach, and Apple said it hadn't coughed up the UDIDs to the FBI in the first place.

So what was the real source of the leak? A small Florida digital publishing company called BlueToad, apparently. (The BlueToad site has been offline for hours, likely a result of all the press attention, so don't bother.) In interviews and statements today, BlueToad executives said they had found a 98 percent correlation between the UDIDs on the AntiSec list and the UDIDs in the company's own files (hat tip to Ars Technica).

According to CNN, BlueToad "works with 5,000 to 6,000 publishers to repurpose their content on various devices." Many of those devices are Apple devices, which explains why BlueToad had the UDIDs. But in a statement obtained by the AP, company president Paul DeHart said BlueToad would cease to use the codes altogether. He also stressed that his company did not have access to more specific user data. 

"BlueToad does not collect, nor have we ever collected, highly sensitive personal information like credit cards, social security numbers or medical information," DeHart said. "The illegally obtained information primarily consisted of Apple device names and UDIDs - information that was reported and stored pursuant to commercial industry development practices."


[Editor's Note: The Christian Science Monitor Weekly Edition is accessible on the iPad through a BlueToad app.]
