UPDATE–The Antisec arm of hacktivist group Anonymous published one million unique device identifier numbers, or UDIDs, for Apple devices, including iPhones and iPads, on Monday night. The group alleges the slew of information was swiped from a laptop belonging to the FBI earlier this year.
In a post on Pastebin, Anonymous maintains that the list of UDIDs originally contained information on 12,000,000 devices but later trimmed it down to 1,000,001 and stripped personal data like full names, cell numbers, addresses and ZIP codes from the file.
Each UDID is followed by what Anonymous claims is a Push Notification Service DevToken, along with the device’s name and type associated with the UDID.
According to the Pastebin post, the group unearthed the UDIDs after compromising the laptop of an FBI agent in March and exploiting the same AtomicReferenceArray hole the Flashback Trojan used earlier this year in Java. A file, “NCFTA_iOS_devices_intel.csv,” then yielded a list of 12,367,232 UDIDs.
The FBI denied that the bureau ever had the data or that Anonymous was able to compromise an agent’s laptop.
“The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data,” the bureau said in a statement late Tuesday.
Apple announced last summer that with the launch of iOS 5 it was planning on phasing out UDIDs, strings of 40 characters that act as serial numbers for its devices. Facing mounting privacy concerns, the company followed that up with an announcement in early spring this year that it would begin to reject new applications that asked for the numbers.
While Antisec knows of Apple’s intent to discontinue UDIDs, the hacktivist group says the hack was done to bring attention to Apple’s use of the identification numbers.
“We always thought it was a really bad idea. That hardware coded IDs for devices concept should be erradicated [sic] from any device on the market in the future,” reads one part of the Antisec release.