Last week, TheBlaze reported that a faction of the hacktivist collective Anonymous claimed to have compromised an FBI computer to obtain 12 million Apple IDs -- 1 million of which it released to the public.
The group AntiSec used the release of this information claim it as evidence of the FBI spying on American citizens. Now, an app developer has come forward to say it was investigating a hack of its own system around the time of AntiSec's announcement and found it in fact was the source of these Apple Unique Device Identifiers (UDIDs). The FBI had said shortly after AntiSec claimed to have breached its computers that it was not hacked.
CNN reports the CEO of the company BlueToad saying after AntiSec announced its hack and the company associated itself with the IDs, it felt the need to come forward:
"Once we realized we were responsible, it was the right thing to do to come forward," [CEO Paul] DeHart said. "We felt it was important for people to understand that there might be a more legitimate source for that information getting out."
The company immediately contacted Apple and the FBI and hired a security consulting firm to help ward off attacks.
Now, due to the breach, DeHart told CNN his company has decided to stop using UDIDs altogether in its apps, a move some in the tech industry and privacy advocates have long been wanting app developers to take.
DeHart also clarifies that AntiSec only took 2 million UDIDs, not 12 million as it had initially claimed.
In a blog post on the BlueToad website, DeHart wrote the company had "fixed the vulnerability and are working around the clock to ensure that a security breach doesn’t happen again."
He clarifies in the post that BlueToad does not collect sensitive information like credit card or social security numbers. The illegally obtained Apple UDIDs were "stored pursuant to commercial industry development practices.
He continues saying that the company believes the risk to users whose IDs were leaked is relatively low.