Hacker Group Obtains 12 Million UDIDs by Breaching FBI Laptop

According to a post on Hacker News (via TNW), the AntiSec group claims to have hacked an FBI computer and obtained roughly 12 million Apple Unique Device Identifiers (UDID), alongside user names, addresses, cellphone numbers, and more. UDIDs are strings of numbers and letters used by Apple and developers to identify your iOS device. They noted in their statement how this info was obtained:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.

AntiSec released 1 million UDIDs publicly to get the public to question why an FBI agent’s computer would house so many UDIDs on a government laptop. Most of the important personal data was trimmed, but enough info there to see if a users’s UDID does exist in this first release. It will be interesting to see what the FBI has to say in response to this ‘discovery’.

Just this March, it was reported Apple had started to restrict developer access to device UDIDs.

Founder and Editor-in-Chief of iPhoneinCanada.ca. Follow me on Twitter, and @iPhoneinCanada, and on Google+.

  • shin

    not sure what concerns me more: that they 12 million UDIDs are out on the internet or that someone was able to breach an FBI laptop.

  • Roaming

    I’m more concerned as to why FBI had this data in the first place

  • Networx

    Exactly!!! Also, is anyone going to let the 12 million people know that their device may be compromised and what is Apple and the FBI going to do about it?

  • http://www.facebook.com/vasiljevicstefan Stefan Vasiljevic

    Good point. Shity world we live in.

  • naughty

    Time for the world’s law enforcers united to draft a shot 1st then ask later on all hackers worldwide.