A digital publisher said Monday it was likely the source of a data breach which resulted in the leak of personal data from as many as 12 million Apple iPhone and iPad users.
Hackers initially claimed the data containing Apple identification codes known as UDIDs was stolen from an FBI computer, but the US law enforcement agency claimed this was incorrect.
BlueToad, a Florida-based firm which creates digital and mobile editions of publications, said that it was “the victim of a criminal cyber attack, which resulted in the theft of Apple UDIDs from our systems.”
Paul DeHart, the company’s chief executive and president, said in a blog posting that the firm immediately contacted law enforcement after learning of the attack.
“Although we successfully defend against thousands of cyber attacks each day, this determined criminal attack ultimately resulted in a breach to a portion of our systems,” he said.
“When we discovered that we were the likely source of the information in question, we immediately reached out to law enforcement to inform them and to cooperate with their ongoing criminal investigation of the parties responsible for the criminal attack and the posting of the stolen information.”
The company apologized for the breach and said it had fixed the vulnerability. It also said it does not collect sensitive personal information like credit cards, social security numbers or medical information.
“We understand and respect the privacy concerns surrounding the data that was stolen from our system,” DeHart said.
“BlueToad believes the risk that the stolen data can be used to harm app users is very low. But that certainly doesn’t lessen our resolve to ensure that all data is protected and kept from those who seek to illegally obtain it.”
The group called AntiSec, linked to the hacking collective known as Anonymous, posted one million Apple user identifiers purported to be part of a larger group of 12 million obtained from an FBI laptop.
The FBI initially had no comment on the reports, but later issued a statement which said it never had the data in question.
One website set up a database to help users determine if their device was on the hacked list of Apple unique device IDs (UDIDs).