Hacker group called AntiSec announced it compromised 12 million Apple iOS Unique Device IDs (UDIDs) from the FBI on Tuesday. The group later published one million of the hacked UDIDs to the site Pastebin, Mashable reported.
According to Mashable, UDID is a sequence of 40 characters unique to each Apple device and can be used with other information in identity theft. AntiSec claimed to have hacked the information from the FBI, but the agency said it has yet to find evidence of a breach.
A FBI spokesperson told CNET, "The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."
The hacker group claims to have good intentions behind the leak, it said in a statement. AntiSec said:
"During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Strangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices using Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zip codes, cell phone numbers, addresses, ect. the personal details fields referring to people appears many times empty leaving the whole list incomplete in many parts. No other file on the same folder makes mention about this list or its purpose."
However, many are suspicious of the group's intentions and said that the leak could lead to identity theft or social engineering. A LastPass spokesperson told Mashable, "Knowing this personal information, what Apple devices you have and their IDs, the most immediate concern is identity theft."
AntiSec, however, did not post any personal data in its leak and only included UDIDs, which alone do not pose much of a problem. As of right now, Apple users can only check if their UDIDs were leaked.
To check if your Apple UDID was compromised, follow these easy steps given by Mashable:
Step 1: Plug in your Apple device to your computer and open up iTunes.
Step 2: Click on your device's name, listed on the left-hand side of iTunes.
Step 3: Click on "Serial Number." Your UDID should pop up.
Step 4: Since you cannot copy and paste the UDID, copy it down manually.
Step 5: Visit LastPass and put in the first five characters of your UDID and click "Check my UDID."
Final Step: Check the UDIDs listed to see if yours was leaked.
According to Mashable, there is not much you can do if your UDID was leaked, other than signing up for a credit monitoring service or purchasing a new device. It also stated that while a UDID might not be leaked, it could still be among the 11 million other UDIDs compromised.