‘We have 12m Apple IDs’, says hacking group
Hackers claim source is FBI laptop; 1m IDs made public
Hacking group AntiSec, an offshoot of the Anonymous movement, has laid claim to 12 million Apple UDIDs (unique device identifiers), which it says it obtained from the computer of an FBI agent.
The group published 1 million of the IDs, while claiming to also have access to names, phone numbers and addresses. It identified the source of the information as the laptop of an FBI agent called Christopher Stangl, attached to the bureau's Regional Cyber Action Team.
Despite FBI claims that "there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data", e-crime specialist Peter Kruse, of CSIS Security Group in Denmark tweeted that three of his personal devices were on the published list.
New Zealand-based security consultant Aldo Cortesi blogged, "The vulnerabilities ranged from de-anonymization, to takeover of the user's gaming social network account, to the ability to completely take over the user's Facebook and Twitter accounts."
The Apple unique device identifier is found by clicking on the device's serial number within iTunes, while it is connected to the host computer. The alpha-numeric string is used to track the device and user activity on the Apple network. AntiSec claims to have access to UDIDs from both iPhones and iPads.
Johannes Ullrich of the SANS Internet Storm Center told AFP that confirming the source of the data would be difficult. "There is nothing else in the file that would implicate the FBI. So this data may very well come from another source. But it is not clear who would have a file like this," he said.