Hacking Group Steals and Publishes Millions of Apple ID Numbers

Sep 5, 2012 16:19:07Posted by John Skorick, MyAKA Founder & CEO

Hacking Group Steals and Publishes Millions of Apple ID Numbers

Earlier this week, a hacker group known as Antisec announced that it had obtained 12 million unique device identifiers (UDIDs) from Apple iPhone and iPad users. According to NECN, the group posted 1 million of these numbers online as proof, with an accompanying message claiming the information had been removed from the laptop of an FBI agent. The FBI has denied allegations that this information was found on a device used by the organization or that the agency would have a reason to collect the data.

A UDID is a unique 40-character code that is assigned to each individual Apple device. They are not directly linked to your personal information, but a hacker could use the ID number to obtain information about your mobile usage, from apps you've downloaded to websites you have visited on your device. It also opens up the possibility for identity theft, as a UDID could potentially lead a hacker to your personal information, such as bank account numbers, email addresses, phone numbers and more.

"There's an enhanced risk of fraud with this breach," Sarah Downey, Online Privacy Analyst for Abine, a Boston-based internet security firm, told the news source. "Because of this breach, app developers or hackers have the means to really hyper-target people with fraudulent attacks. If you have one piece of information, and you can tie it to these other pieces, you're very, very close to accessing somebody's bank account or committing identity theft against them."

Earlier this year, Apple stopped allowing app developers to access the UDID, according to LifeHacker.com, because some developers were sending these numbers to databases without users' knowledge. The released UDID data was accompanied by a username and an Apple Push Notification badge, while names and other personal information were withheld from the list. Antisec claimed in its announcement that this would allow users to find out if their information had been listed or not, PC Magazine reports.

There are a number of secure websites through which Apple device owners can check to determine if their UDID has been compromised.

"You might want to talk to Apple to see if you can swap your device for another one, given that you've been compromised," Mike Tuchen, CEO of Rapid7 a Boston analysis firm that calculates security risks for companies and organizations, explained to NECN. "For that one device, there's nothing that you can do."

This incident not only puts 12 million Apple users at risk, but it also highlights the importance of protecting your internet and cell phone privacy no matter what devices you use.