The 12 million Apple iOS Unique Device IDs (UDIDs) compromised last week by the hacker group Anonymous were not stolen from an FBI agent's laptop but from a small Florida publishing company, NBC News reported.
The company, called Blue Toad, told NBC News that the UDIDs were stolen from its servers two weeks ago and not in March as had been previously reported. According to Mashable, UDID is a sequence of 40 characters unique to each Apple device and when used with other information can lead to identity theft.
According to the newest report, Paul DeHart, CEO of Blue Toad, said that technicians at his company compared data released by Anonymous to the company's own database and found a 98 percent parallel.
DeHart told NBC News, "That's 100 percent confidence level, it's our data. As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this."
A group called AntiSec, reportedly stole the UDIDs compromised last week, and later leaked a portion on the site Pastebin, Mashable reported. The hacker group's claim that it stole the information from the FBI is now put in doubt following Blue Toad's announcement.
The FBI and Apple were quick to reject the notion that the agency used the UDIDs to track U.S. citizens. A FBI spokesperson told CNET, "The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."
However, DeHart told NBC News that he did not rule out the possibility that the data stolen from his company's servers had reached the FBI. Apple told reporters that it had not provided the information to the FBI but that app developers, such as Blue Toad, would have access to user's UDID.
According to NBC News, DeHart's company will not be contacting consumers to let them know if their information has been compromised but will leave it to individual publishers to decide what they will do.
Alone, UDIDs do not pose much of a risk, but combined with other vital information could lead to identity theft. Unfortunately, not much can be done once a UDID is stolen and published on the web. Users can only check to see if their UDID was compromised as well as sign up for credit monitoring services to make sure identity theft does not occur.