Hackers Publish 1 Million Apple UDID Numbers from FBI Laptop

| News
The hacker group Antisec released a million iOS device identifier codes for iOS devices, or UDID codes, over the weekend -- and those codes apparently all came from an FBI laptop. The laptop held a file with over 12 million UDID codes, along with associated user names, cell phone numbers, addresses, and push notification tokens.
The group said in a blog post,
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
Hackers nab 12 million ioS UDID codes from FBIThere isn't any information showing how the data landed in the FBI's hands, raising questions as to whether or not it came from -- at least in part -- an Instapaper server that was mistakenly seized by the agency last year since it's likely the data came from app developers.
Antisec isn't offering up any more details about the security breach until Gawker postes a photo of Adrian Chen, one of the site's writers, wearing a ballet tutu along with a shoe on his head.
UDID codes are unique identifiers assigned to every iOS device. If enough personal data was included with the numbers, it's possible the less than savory part of society could use the information for identity theft, although the list Antisec released was stripped of most data.
The Next Web has put together a web-based utility to check individual UDID codes to see if they're on the leaked list.

The Mac Observer Spin The Mac Observer Spin is how we show you what our authors think about a news story at quick glance. Read More →

The fact that Antisec released over a million UDID codes isn't good news, even though they're from a list that's over a year old. The big question the leak brings up is why does the FBI have a database with 12 million UDID codes, and why was it stored on a laptop instead of a more secure server?
OK, that's actually two questions. And here's a third: How did the agency cull 12 million UDID codes? The fact that the FBI gathered the codes and associated personal information, and stored it in a what seems to be a relatively unsecured fashion doesn't sit well, nor does the fact that the full list is now in the hands of a hacker group.
One last question: How long before we see Adrian Chen in a tutu?

Popular TMO Stories


Mike Weasner

Maybe I’m just being paranoid or maybe it is really social engineering to steal UDIDs, but why would I enter my UDIDs into the “The Next Web” database?  I’m not saying they are evil, but it seems like they could be another source for the bad guys to collect UDIDs.


I think it’s time to do something to make an example of folks like Antisec.  Hacking into an FBI computer is the pinnacle of ignorance and irresponsibility.  It’s time for a few people to do some federal prison time; enough to make other bozos think twice about how “cool” it is to try to break the system.

Lee Dronick

I am not sure what to make of it, it could be that they are just targeting criminals and suspects. A million of UDID numbers sounds like a lot, but some consider that some 6 million people are in jail or otherwise under correctional custody, probation, and such. Then there are hate groups, terrorist cells, and gangsters who may be under surveillance, but have not commited a crime or been arrested for one.

If they searching the law abiding population in general then “We shall meet in the place where there is no darkness.”


Thanks to TMO for the “heads-up” . I was concerned about putting my whole UDID into “The Next Web” site. But it works with only part of the UDID as well.
I’m not on the FBI’s list ! grin


I think it’s time to do something to make an example of folks like Antisec.

I have a different take on this. I think it’s time for some serious penalties for some FBI bozo’s that think keeping confidential information on some Dell POS laptop is a good idea. This time it’s a list of UDIDs. Next time it could be a list of mob and drug gang informants. At least this won’t get anyone killed. Worst yet at least Antisec are just hackers. Suppose someone working for Al Qaida or some such organization hacked in and stole data on, say, presidential security. They would do a lot worse things than post it on the internet.

This is an FBI screw-up from top to bottom.


“The big question the leak brings up is why does the FBI have a database with 12 million UDID codes..”

Bigger yet, why does the FBI have a database with 12 million EXCLUSIVELY APPLE UDID codes?


@Mike Weasner: The Next Web lookup tools requires noly the first 5 characters of your UUID, so you can keep fairly anonymous.

Betaalbare webdesign

12 million UDID codes, that is huge.

The great information. Keep up the good work.

Betaalbare webdesign

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account