Massive iPhone, iPad ID breach linked back to Florida company

Last week, AntiSec, a "hacktivist" group associated with Anonymous, released a trove of Apple Unique Device Identifiers, or UDIDs – digital bar codes for iPhones and iPads, basically. AntiSec said the UDIDs – it said it had 12 million in all – had been nabbed from the computer of an FBI agent. The FBI subsequently maintained that there was "no evidence" of a breach, and Apple said it hadn't coughed up the UDIDs to the FBI in the first place. 

So what was the real source of the leak? A small Florida digital publishing company called BlueToad, apparently. (The BlueToad site has been offline for hours, likely a result of all the press attention, so don't bother.) In interviews and statements today, BlueToad executives said they had found 98 percent correlation between the UDIDs on the AntiSec list and the UDIDs in its own files (hat tip to Ars Technica). 

According to CNN, BlueToad "works with 5,000 to 6,000 publishers to repurpose their content on various devices." Many of those devices are Apple devices, which explains why BlueToad had the UDIDs. But in a statement obtained by the AP, company president Paul DeHart said BlueToad would cease to use the codes altogether. He also stressed that his company did not have access to more specific user data. 

"BlueToad does not collect, nor have we ever collected, highly sensitive personal information like credit cards, social security numbers or medical information," DeHart said. "The illegally obtained information primarily consisted of Apple device names and UDIDs - information that was reported and stored pursuant to commercial industry development practices."

To receive regular updates on how technology intersects daily life, follow us on Twitter @venturenaut.

[Editor's Note: The Christian Science Monitor Weekly Edition is accessible on the iPad through a BlueToad app.]