Hacked Apple Device IDs Actually Came From App Developer, not FBI

Who is hacking whom?

Hacking can indeed hurt some butt. (Screengrab)

NBC News is reporting the millions of Apple (AAPL) Unique Device Identifiers (UDID) hackers say they snatched from an FBI agent’s laptop actually came from Blue Toad Publishing, a Florida-based app developer. NBC reports that Blue Toad “provides private-label digital edition and app-building services to 6,000 different publishers, and serves 100 million page views each month.”

Sign Up For Our Daily Newsletter

By clicking submit, you agree to our <a href="http://observermedia.com/terms">terms of service</a> and acknowledge we may use your information to send you emails, product samples, and promotions on this website and other properties. You can opt out anytime.

See all of our newsletters

A researcher named David Schuetz contacted Blue Toad last week with the suggestion the data actually came from them, and the company’s engineers conducted a forensic analysis:

Paul DeHart, CEO of the Blue Toad publishing company, told NBC News that technicians at his firm downloaded the data released by Anonymous and compared it to the company’s own database. The analysis found a 98 percent correlation between the two datasets.

Mr. DeHart told NBC that his company has “100 percent confidence” that the currently available UDIDs were in their system and likely hacked from Blue Toad servers a couple of weeks ago.

As NBC reports, Apple and the FBI have issued denials in connection with the hacker’s claims regarding the data, which surfaced early last week. The FBI has denied the UDIDs were snatched from the compromised laptop of Special Agent Christopher K. Stangl and along with Apple insists it is not colluding with the feds in using the identifiers to track private citizens.

Anonymous and AntiSec, the sub-collective that released the initial 1 million numbers, have used the leaked UDIDs and their alleged connection to the FBI to shore up a contention that the government is invading our privacy and creating a dystopic surveillance state. If the numbers actually came from Blue Toad, has AntiSec resorted to what amounts to a kind of “false flag” operation to try and make a point?

At this time no Anonymous-associated Twitter account has responded to NBC’s report. We will update this post if they do.

The initial response might include the question, what the heck was Blue Toad doing with all those numbers sitting in its servers in the first place?

Hacked Apple Device IDs Actually Came From App Developer, not FBI