Blue Toad Publishing Company Admits Stolen 'FBI' UDIDs Came From Them

A week ago, a hacker group released a dump of 1 million unique identifiers (UDIDs) from Apple iOS devices. The group claimed they acquired the list from the FBI, but the law enforcement organization denied it a day later.

Now, a small App Store publishing company in Florida called Blue Toad says the IDs were stolen from its servers, reports NBC News.

A small Florida publishing company says the million-record database of Apple gadget identifiers released last week by the hacker group Anonymous was stolen from its servers two weeks ago. The admission, delivered by the company’s CEO exclusively to NBC News, contradicts Anonymous' claim that the hacker group stole the data from an FBI agent's laptop in March.

[...]

Paul DeHart, CEO of the Blue Toad publishing company, told NBC News that technicians at his firm downloaded the data released by Anonymous and compared it to the company's own database. The analysis found a 98 percent correlation between the two datasets.

The CEO noted that as they analyzed the leaked data, the company found a 98 percent correlation between the stolen data and their own, DeHart told NBC."As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this."

NBC spoke to an Apple spokesperson about the revelation, as well: "As an app developer, BlueToad would have access to a user's device information such as UDID, device name and type. Developers do not have access to users' account information, passwords or credit card information, unless a user specifically elects to provide that information to the developer."

Apple has moved away from using the unique device identifier, or UDID, as a means for identifying a particular user for privacy reasons. Earlier this year, Apple began rejecting iOS apps that utilized the UDID, in favor of alternate identification schemes.