The AntiSec group claims to have over 12 million Apple Unique Device Identifiers (UDIDs) as well as usernames, cell phone numbers and other personal information that they have obtained from a breach of an FBI Agents laptop. They have released over 1 million of those to the public — as proof.

The hackers have issued the following statement on how the data was obtained:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of ”NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

You can check to see if your UDID is in the list by checking it against this tool.

So really how bad is this? We’re not sure as of right now, but I’m thinking you could use the UDID to get into someone else’s gaming account, Twitter or Facebook account. We’ll have to wait for an official news release from Apple to know how bad it really is.

email