Last week, the news circulated that the hacker group Anonymous had stolen 12 million Apple device identifiers from an FBI laptop.
The truth, it now turns out was that it was Apple's fault. NBC news discovered that the unique device identifiers (UDIDs) came instead from one of the hundreds of companies that Apple’s app model has allowed to track and identify the company’s devices. This is part of an extensive data-sharing network.
The leaked data to a small Florida app publisher called Blue Toad. Blue Toad has confirmed that it was the source of the breach.
UDIDs are identifiers, linked to iPads, iPhones and iPod's, are designed to allow ad networks and app makers to track devices. Apparently, these UDID's are not data that Apple keeps secure, but instead are widely available to hundred of app developers. Apple’s lax privacy model has resulted in a situation where ad firms, developers and parties like Blue Toad can amass large amounts of user data. The worse part is, users whose UDID's were leaked from Blue Toad do not know the company. They have never transacted with Blue Toad or downloaded an app from them. Blue Toad provides services to app developers and not directly to customers.
Apple has started to phase out the UDID's.