About a week ago, the hacker group AntiSec released 1 million UDIDs into the wild, claiming they came from the FBI. The FBI denied this, but now we may know the source of the leak. Digital publishing platform BlueToad has talked to NBC and released a blog post saying the information was stolen from their servers.
As NBC reports:
Paul DeHart, CEO of the Blue Toad publishing company, told NBC News that technicians at his firm downloaded the data released by Anonymous and compared it to the company’s own database. The analysis found a 98 percent correlation between the two datasets.
“That’s 100 percent confidence level, it’s our data,” DeHart said. “As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.”
BlueToad assists with the creation of digital editions and app-building, and serves 100 million page views a month, including clients that are “household names.”
Since the leak has come to light, BlueToad has fixed the vulnerability that allowed it to occur, and even though was already phasing out the use of UDIDs, it will now no longer store them at all.
The next question is why did Anonymous think that this information came from the FBI? Or, if it did come from the FBI, why did they have a stolen list of UDIDs?