Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Hackers Claim FBI Had 12 Million Apple UDIDs

A hacker group has claimed to have obtained personal data from 12 million Apple iPhone and iPad users by breaching an FBI computer, raising concerns about government tracking.

The group called AntiSec, linked to the hacking collective known as Anonymous, posted one million Apple user identifiers claimed to be part of a larger group of 12 million, purportedly obtained from an FBI laptop.

A hacker group has claimed to have obtained personal data from 12 million Apple iPhone and iPad users by breaching an FBI computer, raising concerns about government tracking.

The group called AntiSec, linked to the hacking collective known as Anonymous, posted one million Apple user identifiers claimed to be part of a larger group of 12 million, purportedly obtained from an FBI laptop.

Contacted by AFP, FBI spokeswoman Jenny Shearer said: “We’re not commenting.”

Peter Kruse, an ecrime specialist with CSIS Security Group in Denmark, said on Twitter that the leak “is real” and that he confirmed three of his own devices in the leaked data.

“Also notice that they claim to have fullname, adresses, phone numbers etc… Big ouch!” he tweeted.

Eric Hemmendinger, a security expert with Tata Communications, said the report raises concerns about the protectors of cybersecurity.

“The question is not whether it’s accurate, it is why did the feds have the information and why did they not take due care to secure it,” he told AFP.

Advertisement. Scroll to continue reading.

Hemmendinger said that based on past reports from Anonymous and related groups, he believes the report is probably true.

“If you work in cybersecurity and your machine gets hacked, that’s a pretty embarrassing scenario,” he said.

Apple did not immediately respond to a request for comment.

Social media and news blogs were aflutter with the news. The tech blog Geekosystem called it “one of the worst privacy disasters yet” and various Twitter comments said the news suggested the FBI is tracking Apple users.

One website set up a database to help users determine if their device was on the hacked list of Apple unique device IDs (UDIDs).

“Quite why the FBI was collecting the UDIDs and personal information of millions of iPhone and iPad users is not yet clear — but it’s obvious that the data (and the computer it was apparently stored on) was not adequately secured,” said Graham Cluley of the British security firm Sophos.

“My suspicion is that the hackers were more interested in embarrassing the FBI’s team than endangering innocent users. All the same, hacking into computers is a criminal act — and I would anticipate that the FBI and other law enforcement agencies will be keen to hunt down those responsible.”

Others expressed concern about the apparent leak.

“Since UDIDs are unique to each iPhone and iPad, having yours end up in the wrong hands is a concern,” said Josh Ong on the technology blog The Next Web.

“The bigger issue, however, is that they were tied to additional personal information, including user names, device names, notification tokens, cell phone numbers and addresses, that could potentially lead to identity theft.”

Johannes Ullrich of the SANS Internet Storm Center said it was difficult to verify the report.

“There is nothing else in the file that would implicate the FBI. So this data may very well come from another source. But it is not clear who would have a file like this,” he told AFP.

Ullrich said it is unclear why the FBI, if the report were true, would have the data.

“The size of the file… would imply a widespread, not a targeted tracking operation, or the file was just kept in case any of the users in the file needs to be tracked,” he said.

“The significance of this breach very much hinges on the source, which as far as I know, hasn’t been authenticated yet. The data is, however, real based on some of the reports that people do find their own UDID in the file.”

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...