Yesterday, while many of us were grilling various meats and dreading the inevitable return to work, hackers posted what they claim are 1 million unique identifiers for iPads and iPhones. According to the hackers, the source of this information is a significantly larger database held by the FBI.
The pastebin post linking to the leaked information claims that during the second week of March, hackers were able to breach a notebook belonging to a FBI agent based out of New York City.
From the post:
“[D]uring the shell session some files were downloaded from his Desktop folder one of them with the name of ‘NCFTA_iOS_devices_intel.csv’ turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.”
All iOS devices are associated with a UDID, intended to allow for easier tracking by developers and advertisers. Apple has come under fire in recent months after it was revealed that some third parties were receiving this tracking information without consent.
The hackers say they have always believed that such unique IDs being attached to phones “was a really bad idea,” that and that the “concept should be eradicated from any device on the market in the future.”
“[W]e have learnt it seems quite clear nobody pays attention if you just come and say ‘hey, FBI is using your device details and info and who the fuck knows what the hell are they experimenting with that’,” continues the post. “[W]ell sorry, but nobody will care. FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will forget the whole thing at amazing speed. so next option, we could have released mail and a very small extract of the data. some people would eventually pick up the issue but well, lets be honest, that will be ephemeral too.
“So without even being sure if the current choice will guarantee that people will pay attention to this fucking shouted ‘FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT’ well at least it seems our best bet, and even in this case we will probably see their damage control teams going hard lobbying media with bullshits to discredit this, but well, whatever, at least we tried and eventually, looking at the massive number of devices concerned, someone should care about it. Also we think it’s the right moment to release this knowing that
Apple is looking for alternatives for those UDID currently and since a while blocked axx to it, but well, in this case it’s too late for those concerned owners on the list.”