ORLANDO, FLORIDA – Identification numbers for more than one million Apple products that were posted online by hackers last week had been stolen from a Florida-based digital publishing firm, not from the laptop of an FBI agent in New York, the company's chief executive officer said on Monday.
On September 4, a post on the text-sharing website Pastebin claimed 'Anonymous' affiliate AntiSec had hacked the laptop of FBI agent Christopher Stangl during the second week of March 2012 by using a vulnerability in the computer's Java software. The group said it downloaded a CSV file which turned out to be a list of 12,367,232 unique device identifiers (UDIDs) for Apple devices.
To demonstrate it has the information, which included some personal information such as user names, device names, type of devices and Apple Push Notification Service tokens, AntiSec released more than 1 million of the Apple numbers. But the FBI quickly denied it was the source of the data, saying it never sought or obtained such information.
On Monday, Paul DeHart, the CEO and President of Florida-based digital publishing firm BlueToad, confirmed a cyber attack earlier this month at his company had led to the theft of Apple UDIDs from its systems. "Although we successfully defend against thousands of cyber attacks each day, this determined criminal attack ultimately resulted in a breach to a portion of our systems," he said in a statement.
DeHart said the company has since fixed the vulnerability and is working to prevent security breaches in the future. "We sincerely apologize to our partners, clients, publishers, employees and users of our apps," he said. "We take information security very seriously and have great respect and appreciation for the public’s concern surrounding app and information privacy."
But in a statement on late Tuesday, AntiSec denied BlueToad was the source of the data, insisting it had never heard of the company. "We got fire from GoDaddy scandal the same day news magically also got front page everywhere discrediting the FBI hack with some company making themselves responsible (?!) LOL!" the statement, written in broken English, said.
It added: "But there's a little bit problem. First we don't know what the f[explicit] is BlueToad and wtf is doing on this. But, more juicy thing, you have a problem, Houston: Some journalists knew about this hack quite long time before you, blue toast (or whatever), declared to be hacked. XD Lulz. Epic fail is epic."
Technology security experts last week described the breach as serious but said the information will not allow hackers to break into peoples' iPhones.