A hacker group named AntiSec has released 1,000,001 iPhone Unique Device Identifiers (UDIDs) it claims it stole from an FBI tracking project that contains more than 12 million of the numbers — some of which are said to be linked to personal information including full name, cell number, address and zipcode.
UDIDs are 40-digit long, unique alphanumeric codes that are assigned to every iOS device. They are used to track users as they move from app to app, to target advertising and measure campaign conversions. Unlike other advertising tracking mechanisms, they can’t be cleared, blocked, removed or opted out of, and are easy to link to personal information such as a user’s contact book.
Security concerns like these that have pushed Apple to move away from UDIDs, although the movement to replace them has lost much of its momentum due to a lack of suitable replacements. For its part, AntiSec had the following to say about UDID tracking:
“We think it’s the right moment to release this knowing that Apple is looking for alternatives for those UDID currently and since a while blocked axx [sic] to it, but well, in this case it’s too late for those concerned owners on the list. we always thought it was a really bad idea. that hardware coded IDs for devices concept should be erradicated [sic] from any device on the market in the future.”
According to the group’s anonymous statement on Pastebin.com, the data was released in order to draw attention to the FBI’s project. Although most of the user info has been removed, AntiSec left enough for users to determine if their devices were among those being tracked. For those users who do not wish to download the entire list of UDIDs in order to see if their device is among those being tracked, The Next Web has created a custom search tool related to the breach.