Sign in with
Sign up | Sign in

Real Source Behind Apple UDID Leak Steps Forward

By - Source: NBC News | B 17 comments

Last week AntiSec claimed that it hacked into an FBI agent's laptop and obtained over 12 million Apple UDIDs. The FBI followed up by claiming that it didn't have the supposed information -- Apple confirmed the FBI's excuse, reporting that it never released the information to the government. Now a small Florida publishing company has stepped forward claiming itself as the source of the leak.

In an exclusive report by NBC News, BlueToad CEO Paul DeHart admitted that his own technicians downloaded the data released by AntiSec – a list of 1 million UDIDs – and compared it to the company's own database. The analysis found a 98-percent correlation between the two datasets.

"That's 100-percent confidence level, it's our data," DeHart told NBC News. "As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this."

According to DeHart, BlueToad provides private-label digital edition and app-building services to 6,000 different publishers, and serves up 100 million page views each month. DeHart wouldn't reveal just who those business partners are, but said many of his clients are household names. As of this writing, the BlueToad website is actually down.

DeHard said that his company downloaded the leaked AntiSec data after an outside researcher named David Schuetz speculated that the data originated from the publisher's database. Without revealing additional details, DeHard admitted that the company's forensic analysis showed that the data had actually been obtained over the past two weeks.

"I had no idea the impact this would ultimately cause,” DeHart continued. “We're pretty apologetic to the people who relied on us to keep this information secure."

The question now is: who took the data? It's possible that the data was yanked from one of the company's servers and shared with others, eventually landing on the FBI agent's laptop. Now there are doubts that the data was even pulled from an agent's laptop as the FBI stated, or that the information was obtained back in March.

"Timing-wise, (their) story doesn't make sense," he said.

Apple spokeswoman Trudy Mullter told NBC News on Monday that as an app developer, BlueToad would definitely have access to a user's device information such as UDID, device name and type. But what they don't have is access to the user's account information, passwords or credit card information unless the information is willingly offered by the device owner.

The researcher who figured out that the data belonged to BlueToad, David Schuetz, told NBC News that he figured out the source based on clues within the data. "I spent most of Tuesday evening obsessing over this," said Schuetz, adding that numerous devices listed within the data included the phrase BlueToad or variations of the name. Some of the listed gadgets even suggested that they were owned by BlueToad employees.

"By the time I was done, late Tuesday night, I think I had 19 devices that … all belonged to BlueToad," he said.


Contact Us for News Tips, Corrections and Feedback

Display all 17 comments.
This thread is closed for comments
  • 5 Hide
    house70 , September 10, 2012 10:05 PM
    Bad toad! Bad!
  • 8 Hide
    MAC_HATER , September 10, 2012 10:18 PM
    gogo stock photos!

    brb - im going to don a balaclava and power up some projectors to display 0's and 1's on the wall so i can take part in nefarious activity's on my laptop!
  • 9 Hide
    thecolorblue , September 10, 2012 10:19 PM
    cover up
  • 4 Hide
    ddpruitt , September 10, 2012 10:25 PM
    Methinks this may get even more interesting...
  • 4 Hide
    nickul , September 10, 2012 10:25 PM
    wink, wink!
  • 5 Hide
    neoverdugo , September 10, 2012 11:17 PM
    One word: Scapegoat!
  • 3 Hide
    BigBodZod , September 10, 2012 11:17 PM
    All hail the HypnoBlueToad.

    These are not the UDID's you're looking for.
  • 4 Hide
    nickul , September 10, 2012 11:18 PM
    bigbodzodAll hail the HypnoBlueToad.These are not the UDID's you're looking for.

    =)))))))))))))))))))))))))))))))) SO DUCKING AWESOME MAN!... :) )))))))))))))))
  • 2 Hide
    dalethepcman , September 10, 2012 11:30 PM
    It's not that I think all Apple users deserve to get hacked, but in general Apple users deserve to get hacked. Every Apple owner that has ever agreed with or said "I use an Apple, they can't get hacked" deserves this. The only computer that cannot be hacked is one that's disconnected from the internet, powered off, broken with a hammer and locked in a safe.

    As for all the conspiracy theory people in the room, put your tinfoil hats back on. If I were the FBI and I were storing user data, it would be from whatever application replaced CarrierIQ, and no that application is not iTunes...
  • -1 Hide
    nickul , September 10, 2012 11:54 PM
  • 0 Hide
    hawkwindeb , September 11, 2012 12:41 AM
    AntiSec Reveals FBI Laptop Containing 12 Million Apple UDIDs,17360.html

    hawkwindebIt was stated in the article about the FBI agent: "He’s a known recruiter in the FBI focused on getting white hack hackers to work for the feds," ...So maybe, if the article is about real a FBI agent, and the data is really as it is stated, again - maybe the data was stolen by some hacker that is of interest to the FBI either to be recruited or prosecuted. It may be part of the hacker's portfolio to show off what that hacker can do. Yes a lot of maybe's and if's. just saying....

    From the original article, seems like I might have been very close…
  • 0 Hide
    carj4ck , September 11, 2012 2:31 AM
    Anyone else think of ye olde ?
  • 0 Hide
    carj4ck , September 11, 2012 2:34 AM
    Ye olde Silicon Toad
  • 0 Hide
    carj4ck , September 11, 2012 2:34 AM
    Why is the link not working?
  • 0 Hide
    freggo , September 11, 2012 4:30 AM
    "the company's forensic analysis showed"

    Don't need much forensic skills.
    It's a common practice to seed databases with fake data sets so that
    you can pinpoint the server and date when the data base stolen.

    We do it for all our clients automatically.
  • 0 Hide
    teodoreh , September 11, 2012 7:02 AM
    When the USSR missiles shot down the U2, US Goverment painted their U2s with NASA's colors and reported that they had oyigen problems that may caused the U2 "NASA" pilot to loose his way to Russian territory. Of course the Russians didn't tell that they actually had obtained both the pilot alive and the U2 camera film of Russian silos.

    So I wouldn't get suprised at all if this is just a cover up story. After all, Apple is worst than the goverment...
  • 0 Hide
    jabliese , September 11, 2012 2:18 PM
    @teodoreh: Except last time I checked, Apple did not have any nuclear missiles targeted at the US or USSR. A little perspective, please.