Florida firm is source of Apple data in breach
WASHINGTON (AP) – A Florida company said Monday that the database of Apple device information that hackers stole and posted on the Internet last week came from a file the firm had in its computer system.
The disclosure comes nearly a week after a hacker group, which calls itself AntiSec, claimed that the data was stolen from an FBI laptop. The FBI flatly rejected the claim, saying it never possessed the information. The data included about 1 million unique identification numbers for Apple devices and some personal information, such as the names people assign to their iPads, iPhones and iPods.
Orlando-based BlueToad is a digital publishing company that converts files so that they can be more easily read online and by mobile devices.
In a statement, company president Paul DeHart said the Apple data was stolen in a cyberattack against BlueToad.
“BlueToad does not collect, nor have we ever collected, highly sensitive personal information like credit cards, Social Security numbers or medical information,” he said in the statement. “The illegally obtained information primarily consisted of Apple device names and UDIDs (unique device identification numbers) — information that was reported and stored pursuant to commercial industry development practices.”
Apple assigns UDIDs – a string of numbers and letters – to all of its devices. The numbers let iTunes and application developers know which device is running which apps. As an example, the numbers allow game developers to keep track of users’ high scores.
DeHart said his company is working with law enforcement officials on the case, and has fixed the computer vulnerability that led to the breach.
The FBI did not comment on BlueToad’s disclosure.
AntiSec is linked to a group known as Anonymous, which – along with another offshoot called Lulz Security – has been tied to a number of high profile computer attacks and crimes, including many that were meant to embarrass governments, federal agencies and corporate giants.