Apple product by hacker group The source of information stealing from personal identity theft is not FBI but publisher

ByPetter palander

last week,Personal information of 12 million iPhone / iPad leaks by hackingThe situation occurred. The hacker group announced that the source of the data was the notebook PC of FBI, but in fact it was revealed by the CEO of this company that a small digital publishing company in Florida was hacked.

Statement from BlueToad, the cyber attack suffered in the recent case of stolen Apple UDIDs | BlueToad, Inc. Blog


EXCLUSIVE: The real source of Apple device IDs leaked by Anonymous last week - Red Tape


In the case of Omara, the group naming AntiSec published about 1 million individual identification numbers (UDID) of Apple products on the net. AntiSec announced that it had hacked on FBI's laptop, and announced that it had 12 million data, but FBI denied the fact that it was hacked, Apple also to FBI I have commented that it is not offering UDID.

As a follow-up report, the company announced a statement that "we were hacked by our company."

According to Paul Dehehat CEO of digital book publisher Florida publisher Paul Dehart, the UDID list announced by AntiSec has a correlation of 98% with the data that BlueToad has and is "100% of ours" And that.

BlueToad deals with digital books and applications, and during that process they sent Apple's device name and UDID to their servers. Of course, I knew that these data are important, so I've done thorough security measures and in fact it has protected it by thousands of cyber attacks everyday, but in AntiSec's attack It seems that I got a hole in the system.

Deputy CEO told NBC News that security consultant David Schuetz visited BlueToad last week and pointed out that the leaked data might be from BlueToad. Schuetz notes that the announced list included not only the UDID but also the device name attached by the user. I noticed that several names such as "BlueToad" and "BlueToad support" came up, and that I identified BlueToad as related. BlueToad has already informed the authorities, the investigation is ongoing, and BlueToad also cooperates.

Apple has issued a recommendation to stop obtaining UDID to track users at the beginning of this year and BlueToad also refurbished the system accordingly, so it is said that the current version of the application is not getting UDID . In addition, Dehart said, because we did not acquire highly personal information such as credit card number, social security number, medical information and so on, the risk of the leaked data is not so high.

The security expert Aldo Cortesi, who has strongly opposed UDID usage, once experienced using UDID to leave the device owner's Twitter account or Facebook account, this leakage incident is extremely He pointed out that it is serious. Since UDID is unique to the device and can not be changed, "Although" Senri's way is also one step "is said, this can be the first step of hacking against one million people", it is ringing a warning bell .