A little-known tech company claimed it — and not the FBI — was hacked and mined for one million now-stolen Apple IDs, the outfit announced today.
On Sept. 4, an anonymous hacker group boasted of breaking into a New York FBI agent’s laptop computer, and making off with unique ID numbers of 12 million iPhones, iPads and iPods.
But now Florida-based BlueToad publishing company claims it was the hacking victim, not the FBI.
“A little more than a week ago, BlueToad was the victim of a criminal cyber attack, which resulted in the theft of Apple UDIDs from our systems. Shortly thereafter, an unknown group posted these UDIDs on the Internet,” BlueToad CEO Paul DeHart said in a prepared statement.
“At BlueToad, we understand the importance of protecting the safety and security of information contained on our systems. Although we successfully defend against thousands of cyber attacks each day, this determined criminal attack ultimately resulted in a breach to a portion of our systems.”
The hacker group, calling itself Antisec, said in a rambling online manifesto that the FBI agent’s data included Apple users’ cellphone numbers, addresses and names.
Antisec claimed that it posted information from a million of the stolen IDs, to force citizens to understand how the FBI “is using your device info for a tracking people project or some s–t.”
But app developer BlueToad insisted it was the victim here.
“When we discovered that we were the likely source of the information in question, we immediately reached out to law enforcement to inform them and to cooperate with their ongoing criminal investigation of the parties responsible for the criminal attack and the posting of the stolen information,” DeHart said.
“We have fixed the vulnerability and are working around the clock to ensure that a security breach doesn’t happen again. In doing so, we have engaged an independent and nationally-recognized security assurance company to assist in our ongoing efforts.”
DeHart told NBC News he’s completely sure the stolen material is from his company.
He said technicians compared the hacked data to BlueToad’s own database and found a remarkable 98-percent match.
“That’s 100 percent confidence level, it’s our data,” he told NBC.
In his public statement, DeHart said he’s sorry about the security breach.
“We sincerely apologize to our partners, clients, publishers, employees and users of our apps. We take information security very seriously and have great respect and appreciation for the public’s concern surrounding app and information privacy,” he said.
“BlueToad does not collect, nor have we ever collected, highly sensitive personal information like credit cards, social security numbers or medical information. The illegally obtained information primarily consisted of Apple device names and UDIDs – information that was reported and stored pursuant to commercial industry development practices.”