Hacking Group Claim To Have 12 Million Apple UDIDs And Personal Information

Hacking group Antisec are claiming to have obtained 12 million UDID (unique device identifier) records and related personal information.

The 40 character UDID code is tied to a single Apple device and is normally used by app developers for tracking purposes.


AntiSec have released 1,000,001 UDIDs on to the Internet but have removed any personal information such as addresses and emails which it claims it has also obtained.

The source of the data is not a hack on the Apple servers, instead Antisec claim to have obtained access to an FBI laptop belonging to Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office.

A file called “NCFTA_iOS_devices_intel.csv” was on the agent’s desktop and the hackers claim it contained  “12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.”

The big question is why does the FBI have a file with 12 million Apple ID’s? How did they get them? Did Apple hand them over and why so many?

We suggest you change your passwords (yes, again), just in case Antisec decide to release further information.

Source: DailyTech 



  1. I’m FAR more worried about the FBI’s possession of people’s information rather than Antisec and other hackers. There should be some sort of public statement every time information is requested by authorities in such massive quantities.

    • This.

      • Mebbe they hacked it from Apple. Wonder if they will say anything.

      • NCFTA – National Cyber-Forensics & Training Alliance

        Hardly hacked from Apple.

      • Not following you… why does that mean it hasnt been hacked form Apple? It’s possible.

      • You’re saying that the FBI hacked Apple?

        Anyway, no. See below for by far the most likely avenue that this data passed down.

      • “It’s possible.”

        It’s not. For example: why would the CSV only have 12 million records? Teflon is 99.9% definitely right.

  2. Uh oh. Apple’s going to sue the FBI next…

  3. “Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses”

    No passwords. Yet.

  4. Why the fuck have the FBI got this information. The American state checking peoples private tech without them knowing?

    Very worrying indeed.

  5. So it’s not just our country’s security folk who leave important info lying around.

  6. I’m not 100% sure, but all of this seems like stuff that Path and any app was able to attain before Apple had to start cracking down on these things.

    -UDID is the device’s specific identifier string, and able for apps to previously transmit along with the name of the device (I believe).
    -User name (just an email address), zipcodes, addresses and cellphone numbers are all contact details.
    -Push tokens would be granted if you allow an app to send you push notifications.

    Passwords to your Apple ID would not be included, but with the huge, vast database drops and ever increasing computer powers that’s hardly an obstacle for anyone with a £1000 computer and the determination to hack an account. Or can figure out the way around any new social engineering hacks that people have.

    Anyway, you want to know the source? It’s plain and obvious in the file name. NCFTA, the National Cyber-Forensics and Training Alliance, have an app called AllClear ID, which will let you know when the FBI or others find your details in the hands of hackers.

    Clearly that means they need to have your details on file, and quite obviously that’s meant that their app pulls details from your phone and shares them with some chumps at the FBI.

    Funnily enough the app was released right around the time Apple was deprecating the ability to send UDIDs, and I wouldn’t be surprised if that app had about 12 million downloads…

  7. This is Apple we’re talking about

    The company which left a published & known critical flaw in iTunes unpatched for over 3 years. This critical flaw enabled a security company called Gamma International to market a surveillance product to governments around the world, their product utilised this flaw which left iTunes users systems exposed to anyone who wanted to access them.

    Although, given that the US Government can ‘allegedly’ come up with things like Stuxnet & Flame, they probably wouldn’t even need a flaw to gather unique & identifiable information from citizen’s connected devices.

    • You’d think that the Government wouldn’t take 3 years to develop tracking tools.
      To be fair, all they need to do is work with the telephone companies to track you everywhere.

  8. Don’t mess with John Mclane.

  9. Big Brother is watching!

  10. Well the NCFTA can save some money on app development by just telling everyone who uses their app ‘yes’.
    And the FBI having this info doesn’t surprise me, the fact it’s on someones laptop does. Idiots!

Comments are now closed for this post.