Following the leak of millions of UDIDs for Apple’s iOS devices, a publishing company called BlueToad has come forward to NBC News as the source of the leaks. Anonymous, the group who obtained approximately 12 million Apple UDIDs of iOS device customers, initially pinpointed that the data came from an FBI laptop. The FBI quickly refuted the claim, and Apple commented as well.
BlueToad, a publishing company for apps on Apple’s App Store, says that UDIDs were stolen from its servers two weeks ago. The company says that the leaked UDID data matches its stolen data at a level of 98%.
Apple commented to NBC on the matter involving BlueToad:
BlueToad mainly builds applications for App Store developers. The company said that it would leave it up to those developers to contact affected customers.
The company has posted a message on its website:
Written by Paul DeHart, CEO and President#
A little more than a week ago, BlueToad was the victim of a criminal cyber attack, which resulted in the theft of Apple UDIDs from our systems. Shortly thereafter, an unknown group posted these UDIDs on the Internet.#
Although we successfully defend against thousands of cyber attacks each day, this determined criminal attack ultimately resulted in a breach to a portion of our systems.#
When we discovered that we were the likely source of the information in question, we immediately reached out to law enforcement to inform them and to cooperate with their ongoing criminal investigation of the parties responsible for the criminal attack and the posting of the stolen information.#
We have fixed the vulnerability and are working around the clock to ensure that a security breach doesn’t happen again. In doing so, we have engaged an independent and nationally-recognized security assurance company to assist in our ongoing efforts.#
We understand and respect the privacy concerns surrounding the data that was stolen from our system. BlueToad believes the risk that the stolen data can be used to harm app users is very low. But that certainly doesn’t lessen our resolve to ensure that all data is protected and kept from those who seek to illegally obtain it.#
We will continue to monitor this situation and cooperate with law enforcement in the investigation of the parties responsible for this crime#