Hacking collective Antisec on Tuesday announced that it has successfully stolen 1 million iOS UDIDs from an FBI playbook. The hack occurred in March but was only announced after the group confirmed its findings.
The information was swiped from a Dell Vostro that allegedly belonged to Supervisor Special Agent Christopher K. Stangl who works for the FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team.
The playbook was hacked using a vulnerability in the Java systems AtomicReferenceArray.
Antisec says during the hack it culled a lot of information including one file listed as “NCFTA_iOS_devices_intel.csv.”
The file contained information for 12,367,232 iOS devices with nearly 1 million UDIDs discovered. Other information grabbed during the cyber attack included “user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.”
Not all devices contained personal user information as many fields had been cleared prior to the attack.
Exactly how the information on the devices was obtained by the FBI is still unknown. Some experts believe the FBI used a program available to developers which allows UDID and other information to be obtained.
While UDIDs by themselves are mostly anonymous, when they are partnered with other information, they can build up a profile for individual users. Because of the current systems ability to expose customers, Apple has come under fire for still relying on UDID system technology.
The FBI has not yet released an official statement regarding the attack or why they were holding on to device data for millions of Apple device users.
This attack is just another in a growing number of attacks against US law enforcement agencies from the Antisec hacker collective.