Blue Toad admits it was source of leaked Apple UDIDs

App publisher says it followed 'typical Apple protocol' in gathering UDIDs, but no word on how hackers gained access

An application publishing company called Blue Toad has taken responsibility for being the original source of the millions of stolen Apple UDIDs leaked online last week, according to reports. The admission at least in part contradicts claims from hacker group AntiSec, which said it swiped the data from an FBI agent's computer and accused the law-enforcement group of secretly gathering device IDs to track U.S. citizens.

Blue Toad CEO Paul DeHart told NBC News that the leaked UDIDs almost certainly came from his company, based on an investigation by third-party security analyst David Schuetz. DeHart said his company had been following "typical Apple protocol" in collecting UDIDs. "We have many hundreds of apps on the market," he said during the interview. "Standard protocol was to collect UDIDs as part of the information that gets reported back from the ultimate people who download those apps."

That protocol has since changed, however. "Apple a few months ago came out with some suggestions to begin phasing out the use of UDIDs. They came up with alternative means to do that that," he said. "Fortunately at that time, we did change our codebase and our development efforts to makes sure we didn't use UDIDs, so this was older information we had on our systems."

What's more, Apple will discontinue the use of UDIDs with iOS 6.

DeHart said that as soon as Schuetz approached his company about being the potential source of the stolen data, "[We] began taking steps to come forward, clear the record, take responsibility, and put measures in place to confirm what happened and make sure moving forward we don't have an issue like this again."

Though apologetic about the breach, DeHart provided zero insights as to how hackers got their hands on the Blue Toad's UDID trove in the first place: "This is a big deal for us as a company. Our credibility is on the line. This is something we take very seriously. And we're very apologetic.... Protecting the information that we gather for [customers] is very serious for us."

Blue Toad is one of many companies, including LinkedIn, Yahoo, and more, to suffer breaches at the hands of malicious hackers in recent months as cyber criminals have increased their focus on small and midsized businesses that tend to have less robust security than larger organizations, according to a recent report from Symantec.

The company's admission evidently clears the FBI of AntiSec's accusation that it's been compiling UDIDs to track U.S. citizens. The FBI denied being hacked when the news of the leaked UDIDs first broke. Still, it remains plausible that the file containing the UDIDs found its way onto the FBI network and was subsequently swiped. History shows the organization isn't immune to hacking: Earlier this year, hackers released a recording of an intercepted call between FBI agents and their U.K. counterparts investigating hacker groups Anonymous and LulzSec.

This story, "Blue Toad admits it was source of leaked Apple UDIDs," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies