US publisher confesses to UDID leak
The source of the UDID data leaked last week has now been identified as the US-based publisher BlueToad. "That's 100 percent confidence level, it's our data", BlueToad's CEO Paul DeHart told NBC News, referring to the one million Apple UDIDs that had allegedly been stolen from the laptop of an FBI employee. According to DeHart, the data was stolen from the BlueToad servers about two weeks ago, which contradicts the claims of the unknown hackers from AntiSec and Anonymous, who said the data was stolen in March. BlueToad creates private-label digital editions of magazines and other publications, as apps for mobile devices, for around 6,000 publishers.
A security blogger, David Schuetz, had identified the source of the data from obvious patterns in it and contacted the company with his findings. The company looked into the data and found a very high correlation between the published data and its own inventory. In a public statement, DeHart said the company was taking responsibility and apologised to partners, clients and users of its apps. BlueToad says that it stopped using UDID data several months ago and modified its applications, and that it has now stopped storing any UDID information that older applications are sending to its servers.
Both the FBI and Apple denied that the device IDs had originated from their information assets. An exclusive report by NBC News explains that there are no clues as to how the data was leaked, though BlueToad says it has "fixed the vulnerability". DeHart says he can't rule out the possibility that the data was shared with others and ended up on an FBI computer, but he also doesn't know who took the data originally. UDIDs were used for a long time as a way of identifying individual users, but Apple has been recommending they not be used and blocking applications that use them from the App Store over the last year. When iOS 6 arrives, Apple will introduce a replacement identification system which separates advertising and account uses of the IDs and allows them to be regenerated.