Hack collective AntiSec claims to have breech into an FBI agent laptop and thereby extracted some stuffs related to some personal details from Apple devices, alleging that the federal agency had been tracking users. The document supposedly contains Unique Device Identifiers (UDID), usernames, name and type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, and other content; AntiSec has released 1,000,001 UDIDs (along with the device name/type) as a proof of hack.
According to the group, a remote exploit on the Dell laptop used by one FBI supervisor managed to pull out several files saved to the desktop. One of those files was a .CSV database containing a huge number of Apple device details, though no other mention of the purpose of that file was discovered on the machine.
AntiSec says that “During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted [sic] on many parts. no other file on the same folder makes mention about this list or its purpose.”
Although app developers have access to some of the data included, it’s apparently rare that they would have full postal address details for individual users.