Scam of the day – September 6, 2012 – The truth about the hacking of 12 million Apple device records

Earlier this week, AntiSec, a hacking group often associated with the larger, more familiar international hacking group Anonymous, posted on line a file that contained a million of what they said was twelve million U.D.I.D. numbers they said they had for various people’s Apple mobile devices such as iPads and iPhones.  They alleged they had obtained these by hacking into the laptop of FBI agent Christopher K. Stangl who is the supervisory agent of the F.B.I.’s Cyber Action Team.  As a part of his job, Agent Stangl has tried to recruit hackers to come and work with the F.B.I.  Apple’s U.D.I.D.s are forty character strings of letters and numbers that are uniquely assigned to each Apple mobile device.  AntiSec said that it was releasing this information to show the world that the F.B.I was using this information to track people.  Armed with a person’s U.D.I.D., someone could track the location of the device.  In the past app developers also used U.D.I.D.s to track customers as they went from one app to another.  However, Apple banned developers from doing this a year ago.  The truth is that the information being posted by AntiSec is accurate, however, Apple says that it did not provide this information to the F.B.I. and the F.B.I said that it had not collected the data.

TIPS

Although this was a very real breach of security, AntiSec could have gotten this information from any number of sources by hacking into Apple itself, video game makers who had the information,  app developers, AT &T or even a file from the F.B.I who may have obtained such information in a legitimate investigation into data breaches.  The truth also is that if your U.D.I.D. was compromised, you are at very little risk of harm.  In order to use this information to make you a victim of identity theft would take additional information such as your email address and your date of birth.  Perhaps the primary lesson for us all to take from this incident is to guard our personal information as much as possible.  For instance, don’t include your birth date on your Facebook page.  Keep your personal information that is public as limited as possible so that identity thieves don’t have an easy time assembling the seemingly innocuous information about you and using it to turn you into a victim of identity theft.