Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
69,401
40,445



bluetoad.png


A week ago, a hacker group released a dump of 1 million unique identifiers (UDIDs) from Apple iOS devices. The group claimed they acquired the list from the FBI, but the law enforcement organization denied it a day later.

Now, a small App Store publishing company in Florida called Blue Toad says the IDs were stolen from its servers, reports NBC News.
A small Florida publishing company says the million-record database of Apple gadget identifiers released last week by the hacker group Anonymous was stolen from its servers two weeks ago. The admission, delivered by the company's CEO exclusively to NBC News, contradicts Anonymous' claim that the hacker group stole the data from an FBI agent's laptop in March.

[...]

Paul DeHart, CEO of the Blue Toad publishing company, told NBC News that technicians at his firm downloaded the data released by Anonymous and compared it to the company's own database. The analysis found a 98 percent correlation between the two datasets.
The CEO noted that as they analyzed the leaked data, the company found a 98 percent correlation between the stolen data and their own, DeHart told NBC."As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this."

NBC spoke to an Apple spokesperson about the revelation, as well: "As an app developer, BlueToad would have access to a user's device information such as UDID, device name and type. Developers do not have access to users' account information, passwords or credit card information, unless a user specifically elects to provide that information to the developer."

Apple has moved away from using the unique device identifier, or UDID, as a means for identifying a particular user for privacy reasons. Earlier this year, Apple began rejecting iOS apps that utilized the UDID, in favor of alternate identification schemes.

Article Link: Blue Toad Publishing Company Admits Stolen 'FBI' UDIDs Came From Them
 
It's a little worrying all these little/smaller companies are holding any data like this in unsecured locations - ripe for the picking.
 
Have the UDID's been stolen or not?

Yes they were stolen, but not from the FBI. Translation: The FBI does not have a database of a million+ Apple UDID's for devices they are tracking. If you have purchased a BlueToad app in the past then your UDID is probably on this list.
 
Wait...these guys got their hacked information from a blue toad?!? Now I've heard everything. :D
 
Hmmmm....

I had a chance to check that file and details for my devices were there but I never used or downloaded an app developed by bluetoad (unless they're behind apps other than those directly related to their name) or one of their "Newsstand" maagazines.
--------

update: Ok I just saw another post pointing to Flipboard, which I have.
 
Last edited:
The NBC article is actually fairly good (I expected crap, to be honest) - suggested reading before posting.
 
So Blue Toad held all these device IDs which contain usable data and now these IDs are available to pretty much anyone with an internet connection?

In which case, their "Smarter Content, Smarter Distribution" tagline is bordering on genius.
 
I had a chance to check that file and details for my devices were there but I never used or downloaded an app developed by bluetoad (unless they're behind apps other than those directly related to their name) or one of their "Newsstand" maagazines.

Go read the article.
 
So what is the point of such 3rd party companies to have this information? No doubt they will say it's to 'better troubleshoot app issues and provide a better experience', but is this sort of aggregation to sell "anonymized" app habits to advertisers based on cobbled together app downloads? Are they really that slimy?
 
no such thing as bad press. now we've all heard of bluetoad.
 
Yes they were stolen, but not from the FBI. Translation: The FBI does not have a database of a million+ Apple UDID's for devices they are tracking. If you have purchased a BlueToad app in the past then your UDID is probably on this list.

It doesn't confirm or deny what the FBI does or doesn't have. It just reports that this particular leak was almost certainly from Blue Toad.

I hope you understand the difference between what you're writing and the facts.
 
You guys aren't thinking conspiracy theory enough!

They are a FBI scapegoat, to cover up their involvement!
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.