Industry News

Digital Agency Takes Heat for Apple UUID Leak, FBI Breach still Plausible

One million apple UUIDs, along with a significant amount of Apple customer data that leaked earlier last week by AntiSec members proved to come from digital agency Blue Toad, not from the FBI, as initially thought.

The Florida-based publishing company learned of a severe data breach affecting its servers after David Schuetz, a researcher with mobile device security consulting firm Intrepidus Group, noticed a pattern in the leaked device names: some were referencing Blue Toad.

He prompted Blue Toad, which started investigating the lead. It appears the data was stolen from the company’s servers, but the exact method for siphoning the data, as well as the identity of the attacker, is still unknown.

As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this,” BlueToad’s CEO Paul DeHart told NBC.

According to Schuetz, it is unclear whether the data was stolen by cyber-criminals straight from Blue Toad, or if it made it somehow into a FBI laptop from where it was later siphoned by AntiSec as detailed in the initial pastie.

Was BlueToad really the source of the breach? How did the data get to the FBI (if it really did at all)? Or is it possible this is just a secondary breach, not even related to the UDID leak, and it was just a coincidence that I noticed? Finally, why haven’t I noticed any of their applications in the (very few) lists of apps I’ve received?” Schuetz concluded.

However, judging by the way hacktivist groups associated with Anonymous wrongfully claimed responsibility for the alleged attack against GoDaddy or for the fake UK police data leak, it might be another trick to shed bad light on the FBI and the National Cyber-Forensics & Training Alliance.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.