Florida Company Reveals Anonymous Stole Apple UDIDs from their Servers, Not from FBI

NBC News reports exclusively the previously leaked 1 million Apple UDIDs by Antisec did not come from an FBI laptop, but rather stolen from a Florida publishing company called Blue Toad, as discovered by researcher David Schuetz, who tipped the company:

Paul DeHart, CEO of the Blue Toad publishing company, told NBC News that technicians at his firm downloaded the data released by Anonymous and compared it to the company’s own database. The analysis found a 98 percent correlation between the two datasets.

“That’s 100 percent confidence level, it’s our data,” DeHart said. “As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.”

After Antisec released the UDID data, the FBI uncharacteristically responded and denied the claims the data came from their laptop, and said Antisec was lying. Looks like the FBI was correct. Apple even released a statement and said they did not provide any data to the FBI.

Apple spokeswoman Trudy Mullter told NBC News the following:

“As an app developer, BlueToad would have access to a user’s device information such as UDID, device name and type…Developers do not have access to users’ account information, passwords or credit card information, unless a user specifically elects to provide that information to the developer.”

Very interesting developments in this story. Just goes to show to never believe anything you read on the internet. The biggest loser out of this case is Gawker’s Adrian Chen. He was asked to dress up and post pictures of himself in a pink tutu at the request of Antisec, in order for the hacker group to release more interviews about the subject. Ouch.

Update: Here’s the official statement from Blue Toad’s website:

A little more than a week ago, BlueToad was the victim of a criminal cyber attack, which resulted in the theft of Apple UDIDs from our systems. Shortly thereafter, an unknown group posted these UDIDs on the Internet.