Linked by Thom Holwerda on Tue 4th Sep 2012 09:00 UTC
Apple This could be big - although just how big remains unclear. "There you have. 1,000,001 Apple Devices UDIDs linking to their users and their APNS tokens. The original file contained around 12,000,000 devices. We decided a million would be enough to release. We trimmed out other personal data as, full names, cell numbers, addresses, zipcodes, etc." How did AntiSec get this data (they claim)? From an FBI laptop. Why an FBI laptop would have a file with personal information on 12 million iOS users, we don't know - especially since 10000 of them are Dutch/Belgian, and last I checked, those do not fall under FBI jurisdiction. Did the FBI obtain it from an application developer, or from Apple itself? Then again - 12 million users? From a single iOS developer? I find that hard to believe.
Permalink for comment 533857
To read all comments associated with this story, please click here.
RE[3]: Shame on these guys.
by bouhko on Tue 4th Sep 2012 22:02 UTC in reply to "RE[2]: Shame on these guys."
bouhko
Member since:
2010-06-24

Yeah I don't care about my address, it's in the phonebook anyway.

The problem is that UDIDs allow you to access some information that might be sensible about a person. For example, see the OpenFeint flaw :
http://corte.si/posts/security/openfeint-udid-deanonymization/index...
http://corte.si/posts/security/udid-leak.html

For example, the query returns the last game the user played. Not a big deal in most case. But if you replace last game played with last webpage visited or something else, this can quickly become a problem.

The thing is - and this isn't really Apple's fault - a lot of companies are not serious at all about how they handle user's private data (not talking address or phone number here, but history of games played or visited url).

Reply Parent Score: 3