Hacker Group Obtains 12 Million UDIDs by Breaching FBI Laptop

According to a post on Hacker News (via TNW), the AntiSec group claims to have hacked an FBI computer and obtained roughly 12 million Apple Unique Device Identifiers (UDID), alongside user names, addresses, cellphone numbers, and more. UDIDs are strings of numbers and letters used by Apple and developers to identify your iOS device. They noted in their statement how this info was obtained:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.

AntiSec released 1 million UDIDs publicly to get the public to question why an FBI agent’s computer would house so many UDIDs on a government laptop. Most of the important personal data was trimmed, but enough info there to see if a users’s UDID does exist in this first release. It will be interesting to see what the FBI has to say in response to this ‘discovery’.

Just this March, it was reported Apple had started to restrict developer access to device UDIDs.