Apple device IDs hacked: What you need to know

A hacktivist group has published more than a million Apple device UDIDs acquired from a hacked FBI laptop. Is your iPhone or iPad at risk?

A hacker collective known as AntiSec has published over a million Apple device IDs that it claims were captured from the laptop of an FBI agent. If you own an iPhone or iPad, you might be wondering what this hack means to you, and you might also be curious about why the FBI had your Apple UDID in the first place.

The information was acquired and released by the hackers as a political statement. The lengthy diatribe posted on Pastebin along with the hacked Apple ID info rants about government oppression and hypocrisy.

While the group has published one million and one hacked Apple device IDs, it should be given at least a little credit for restraint. The details stolen from the FBI laptop included more personal information as well, such as full names, cell phone numbers, addresses and zip codes.

According to the letter from AntiSec, there were approximately 12 million Apple device IDs stored in the file on the FBI laptop. It chose to release just a portion rather than publishing all 12 million. AntiSec could have simply published the data it acquired without scrubbing it first, but the point it's trying to make is against the government and the FBI, not the individuals whose information happened to be in the hands of the FBI.

Andrew Storms, director of security operations for nCircle, stresses that the Apple device UDID information itself doesn't really pose a risk to users. UDIDs in isolation aren't a big deal. In fact, Apple used to permit apps to spew UDIDs all over the place, so there's a lot of UDID data already in the public domain. For a while, there were a lot of apps using UDID and personal data to track users' activity and selling it to advertisers.

But the hack of an FBI laptop yielding information on 12 million Apple devices does bring up another very valid question. As Storms puts it, "This release does make you wonder what the heck the FBI and the DOJ were doing with 12 million UDIDs." Are they working on a case involving Apple or an app maker? And, assuming there is a legitimate reason for the FBI to have this data, why wasn't it better protected?

I have reached out to the FBI Office of Public Affairs seeking an official explanation or statement regarding why the FBI was in possession of the Apple device UDID information at all, as well as whether or not there should have been stronger protection in place to guard such sensitive data. As of this moment, the FBI has not yet responded.

Copyright © 2012 IDG Communications, Inc.