AntiSec Leaks 1 Million Apple Device IDs Obtained During FBI Breach (Updated)

Antisec has released 1 million Apple Unique Device Identifiers (UDIDs), claiming that it obtained them after breaching an FBI computer. It also claims to have over 12 million IDs in total, along with user names, device names, cell phone numbers and addresses to go with them. This is very not good.

In a statement Antisec explains:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

Antisec suggests that the FBI is using the information to track citizens. It's not clear, of course, whether any of these claims are true—but if they are, the NCFTA acronym in Antisec's file name could likely stand for National Cyber-Forensics & Training Alliance, which "functions as a conduit between private industry and law enforcement." If that's the case, it could mean Apple is feeding the FBI user data through the NCFTA, that the FBI is mining its own data... or something else entirely.

Either way, we won't be able to get any follow-up intel for a while, it sounds like; the hackers have refused to speak with journalists until our Gawker colleague Adrian Chen poses "with a huge picture of him dressing a ballet tutu and shoe on the head, no photoshop." Which should also give you some sense of the type of people who have access to all your vital data.

To see if yours was one of the million that's been released so far, head over to TNW's database crosschecker. And remember, even if yours doesn't pop up, there are 11 million more where those came from.

We've reached out to the FBI and NCFTA for comment, and will update this post accordingly. [Pastebin via YCombinator via The Next Web]

Update: The FBI says it is "declining to comment at this time," which means it's very much possible that an FBI computer is the original source of this alleged data dump. That would be a massive black eye for the same feds that more or less destroyed Anonymous five months ago. Or so they (and we) thought.

Update 3: The FBI has provided us with a more detailed statement, denying that its computer was breached:

"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."