Anonymous Leaks 1M Apple Device UDIDs
Orome1 writes "A file containing a million and one record sets containing Apple Unique Device Identifiers (UDIDs) and some other general information about the devices has been made available online by Anonymous hackers following an alleged breach of an FBI computer. 'During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java,' the hackers claim."
Update: 09/04 13:44 GMT by T : A piece at SlashCloud points out that if the leak is genuine, this raises some sticky questions about privacy and security; in particular: "[H]ow did the agency obtain said information, and to what purpose? Why did all that personal data reside on the laptop of one special agent?"
Going to explain why they gave all the UID of their devices to the FBI?
UDID's aren't allowed to be used by apple anymore. Well maybe not disallowed but strongly discouraged, & depreciated in ios5, as far as I can tell.
Review the permissions of the app. It can read and write contact information and it can take pictures and video, access phone state and identity, determine your location and record audio. At any time. Anybody actually read 1984? But at least Android tells you about it.
The current theory (as mentioned by Marco Arment) is that it may be from AllClear ID's iOS app, given that AllClear officially joined the NCFTA in the second week of March. Since the leaked file's name had NCFTA in it, it's pretty clear that it came from the NCFTA, and it would make sense that AllClear would have started providing some data prior to when they actually announced they had joined, so that may explain (but certainly not justify) why someone had something like that on their desktop on the week of the attack.
If AllClear is indeed the source, that would be some rather delightful irony, given that they would be directly responsible for causing more damage to their customers than they will ever likely prevent.
Also, if AllClear sounds familiar, it may be because they were the the company providing a year of free identity theft protection to Sony customers after the hacks last year that compromised millions of PSN accounts.