Florida-based publishing company BlueToad says it is the hacking victim of AntiSec, the anonymous group that claimed to be in the possession of 3TB (terabytes) of data allegedly extracted from an FBI laptop.
A while ago, we reported
on AntiSec’s “feat” of obtaining 12 million Apple device names and unique identifiers (UDIDs), of which one million actually got leaked in the wild.
AntiSec had claimed the data was from an FBI laptop, and even reinforced those claims when others tried to counter them.
The debate seems to be coming at an end with BlueToad CEO Paul DeHart saying in a prepared statement, “A little more than a week ago, BlueToad was the victim of a criminal cyber attack, which resulted in the theft of Apple UDIDs from our systems. Shortly thereafter, an unknown group posted these UDIDs on the Internet.”
Sounds pretty familiar. They also said they could confirm that the stolen data was from one of their machines.
The company’s technicians compared the hacked data to BlueToad’s own database and found a 98-percent match. “That’s 100 percent confidence level, it's our data,” he told NBC
“At BlueToad, we understand the importance of protecting the safety and security of information contained on our systems. Although we successfully defend against thousands of cyber attacks each day, this determined criminal attack ultimately resulted in a breach to a portion of our systems,” the company said.
When BlueToad discovered there was a good chance it was the source of the information, the company reportedly reached out to law enforcement to aid their ongoing criminal investigation of the parties that were responsible for the attack, as well as the posting of one million UDIDs.
DeHart also confirmed that his company has since fixed the vulnerability. The company is “working around the clock to ensure that a security breach doesn’t happen again.”
“In doing so, we have engaged an independent and nationally-recognized security assurance company to assist in our ongoing efforts,” DeHart said.
The publisher extended a sincere apology to all partners, clients and employees, as well as to everyone who uses its apps, adding that it “does not collect, nor have we ever collected, highly sensitive personal information like credit cards, social security numbers or medical information.”
The UDIDs were reportedly stored “pursuant to commercial industry development practices.”
Some will undoubtedly imagine a scenario where the FBI paid off BlueToad to say the breach was on their side. And, by today’s standards, that’s not even paranoid thinking.