AntiSec Leaks 1M iOS Device IDs from FBI

Hacker groups such as Anonymous have been going after all kinds of people recently. The latest scoop happens to be from a FBI computer. AntiSec has posted a document that contains links to around one million unique device identifiers. According to the group, FBI has been tracking Apple customers. The group has lifted over 12M iPhone and iPad IDs off of an FBI agent’s notebook already.

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses …

explained AntiSec. At this point, it is not clear how FBI managed to secure these device IDs (maybe they got those from a developer?). These UDIDs do carry some personal data. Some of the information released as a part of this leak is indeed available to developers.  It does seem this is part of FBI”s effort to fight cyber-crimes but is still a disturbing development nonetheless.

The FBI has not provided a comment on this leak at this point. Apple has already taken steps to block UDID app access for privacy reasons. It will be interesting to see what other steps Apple will take to protect its customers’ privacy. The fact that the FBI may be tracking users should not be surprising at this point though.