FOX News : Hackers associated with the hactivist group AntiSec have posted 1 million Apple Unique Device IDs online, and they claim to have more than 11 million more, along with corresponding user names, phone numbers and addresses. Although the device IDs alone don’t reveal any personal information about the people who own the Apple devices they represent, security researchers have demonstrated that it’s fairly easy to connect a device ID to a person’s name.
The hackers claim the information comes from a laptop used by FBI agent Christopher Stangl, who works on a cybercrime task force. “During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java,” says the Pastebin posting with the Apple Device IDs. “During the shell session some files were downloaded from his Desktop folder one of them with the name of ‘NCFTA_iOS_devices_intel.csv’ turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts.”
The posting explains that the hackers leaked the data in order to call attention to the fact that the FBI had this personal information. The FOX News article notes, “It is not clear why an FBI agent would have a database of 12.4 million iOS device UDIDs on his laptop, nor why the NFCTA would have provided them to him.”