Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

App Firm Says it May be Source of Apple Breach

A digital publisher said Monday it was likely the source of a data breach which resulted in the leak of personal data from as many as 12 million Apple iPhone and iPad users.

Hackers initially claimed the data containing Apple identification codes known as UDIDs was stolen from an FBI computer, but the US law enforcement agency claimed this was incorrect.

A digital publisher said Monday it was likely the source of a data breach which resulted in the leak of personal data from as many as 12 million Apple iPhone and iPad users.

Hackers initially claimed the data containing Apple identification codes known as UDIDs was stolen from an FBI computer, but the US law enforcement agency claimed this was incorrect.

BlueToad, a Florida-based firm which creates digital and mobile editions of publications, said that it was “the victim of a criminal cyber attack, which resulted in the theft of Apple UDIDs from our systems.”

Paul DeHart, the company’s chief executive and president, said in a blog posting that the firm immediately contacted law enforcement after learning of the attack.

“Although we successfully defend against thousands of cyber attacks each day, this determined criminal attack ultimately resulted in a breach to a portion of our systems,” he said.

“When we discovered that we were the likely source of the information in question, we immediately reached out to law enforcement to inform them and to cooperate with their ongoing criminal investigation of the parties responsible for the criminal attack and the posting of the stolen information.”

The company apologized for the breach and said it had fixed the vulnerability. It also said it does not collect sensitive personal information like credit cards, social security numbers or medical information.

“We understand and respect the privacy concerns surrounding the data that was stolen from our system,” DeHart said.

“BlueToad believes the risk that the stolen data can be used to harm app users is very low. But that certainly doesn’t lessen our resolve to ensure that all data is protected and kept from those who seek to illegally obtain it.”

The group called AntiSec, linked to the hacking collective known as Anonymous, posted one million Apple user identifiers purported to be part of a larger group of 12 million obtained from an FBI laptop.

The FBI initially had no comment on the reports, but later issued a statement which said it never had the data in question.

One website set up a database to help users determine if their device was on the hacked list of Apple unique device IDs (UDIDs)

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...