Digital publisher BlueToad says it was source of AntiSec hack, not FBI

AntiSec is considered an offshoot of the larger hacker group Anonymous, which has carried out string of attacks on companies such as Stratfor and the public website of the Justice Department. 

In a blog post on the company's website, BlueToad chief executive Paul DeHart said the company's computer systems suffered a cyberattack a little more than a week ago and Apple UDIDs were stolen during the breach. DeHart said the data was then posted on the Web by an "unknown group" and the company immediately notified law enforcement when it realized it was the likely source of the stolen device information. 

"Although we successfully defend against thousands of cyber attacks each day, this determined criminal attack ultimately resulted in a breach to a portion of our systems," DeHart wrote. "When we discovered that we were the likely source of the information in question, we immediately reached out to law enforcement to inform them and to cooperate with their ongoing criminal investigation of the parties responsible for the criminal attack and the posting of the stolen information."

NBC News first reported that BlueToad claimed to be the source of the UDIDs published by AntiSec.

DeHart apologized for the breach in the blog post and said the company has fixed the security vulnerability in its system, as well as partnered with a security firm to prevent future breaches. He also said the information stolen by the hackers were Apple device names and UDIDs, which are stored in its systems according to relevant industry practices.

DeHart said the company "believes the risk that the stolen data can be used to harm app users is very low."

However, DeHart told the New York Times that BlueToad had "nowhere near" the 12 million device identification numbers that AntiSec claimed it accessed.

Apple spokeswoman Trudy Muller said that as "an app developer, BlueToad would have access to a user's device information such as UDID, device name and type." However, "developers do not have access to users' account information, passwords or credit card information, unless a user specifically elects to provide that information to the developer," Muller added.


Last week the FBI called AntiSec's claims "totally false," saying there was no evidence indicating that a laptop was breached and the bureau wasn't collecting device information. Apple also denied providing this type of device information to the FBI.

When asked if the FBI was working with BlueToad to address the hack, an agency spokeswoman said it "neither confirms nor denies investigations" as a matter of policy.

This post was updated at 2:30 p.m.

More in Cybersecurity

After Sony hack, House panel plans cyber focus

Read more »