ORLANDO, Fla. - An Orlando company said Monday that the database of Apple device information that hackers stole and posted on the Internet last week came from a file the firm had in its computer system.
The disclosure comes nearly a week after a hacker group, which calls itself AntiSec, claimed that the data was stolen from an FBI laptop. The FBI flatly rejected the claim, saying it never possessed the information. The data included about one million unique identification numbers for Apple devices and some personal information, such as the names people assign to their iPads, iPhones and iPods.
BlueToad is a digital publishing company that converts files so that they can be more easily read online and by mobile devices. In a statement, company president Paul DeHart said the Apple data was stolen in a cyber-attack against BlueToad.
"BlueToad does not collect, nor have we ever collected, highly sensitive personal information like credit cards, Social Security numbers or medical information," he said in the statement. "The illegally obtained information primarily consisted of Apple device names and UDIDs (unique device identification numbers) -- information that was reported and stored pursuant to commercial industry development practices."
Apple assigns UDIDs -- a string of numbers and letters -- to all of its devices. The numbers let iTunes and application developers know which device is running which apps. As an example, the numbers allow game developers to keep track of users' high scores.
"What happened to it once it left our server and our environments, I have no idea," said DeHart.
The company has made more than 500 apps for publishers of mostly magazines, but also for books and newspapers. The company stores the data on its server to help publishing companies keep track of how many people visit their newspaper, magazine and book apps.
BlueToad operates with about 30 employees who work out of an office building behind the Mall at Millenia.
DeHart said his company is working with law enforcement officials on the case, and has fixed the computer vulnerability that led to the breach.
"Can you guarantee that if I'm an Apple user that my personal information is not out there?" asked WFTV's Daralene Jones.
"I can't guarantee anything. That's just reality," said DeHart.
But officials said if the hackers have a user's credit card information or Social Security number, they would've had to tap into another developer's server that uses the information as the password to authenticate the device.
Some technology experts are saying the unique IDs can be used to hijack Twitter, Facebook and gaming accounts, despite what BlueToad said.
The FBI did not comment on BlueToad's disclosure.
AntiSec is linked to a group known as Anonymous, which -- along with another offshoot called Lulz Security -- has been tied to a number of high-profile computer attacks and crimes, including many that were meant to embarrass governments, federal agencies and corporate giants.
What you can do to protect yourself:
Type BlueToad into the App Store search function to get a list of the 500 apps BlueToad produces. The president of the company said individual publishers, and not BlueToad, must notify customers that information has been compromised. But there's no telling how long that might take, so keep an eye on credit card accounts.