Apple UDID Leak Came From App Publisher, Not FBI

Apple’s leaked UDIDs didn’t come from the feds, as originally reported, according to new information obtained by NBC News today. Instead, the information came from app-publishing company BlueToad, that company’s CEO told NBC.

The leak's source was traced by independent researcher and mobile security consultant David Schuetz, who determined on his own that the million UDIDs leaked by hacker group AntiSec likely came from BlueToad. After performing its own internal forensic audit, BlueToad confirmed with “100 percent confidence” that it was the original source of the information, BlueToad CEO Paul DeHart told NBC News.

After confirming it was the source, BlueToad reached out to the appropriate authorities to “take responsibility,” DeHart says. In an official response to NBC, Apple’s Trudy Miller confirmed that BlueToad would probably have access to that kind of information as a developer, but also pointed out that none of that information would be associated with information that could personally identify individual users.

Earlier, AntiSec had cited an FBI laptop as the source of the information, and DeHart couldn’t rule out that the data may have made its way to such a device, but the FBI had issued a statement saying there was “no evidence” that was the case. Apple likewise issued a statement to AllThingsD saying it hadn’t provided any UDID information to the FBI.

BlueToad says it no longer collects UDID information from its users, and Apple has discouraged the practice and plans to remove it entirely sometime “soon.” This may be as close as people get to closure on this issue, though BlueToad says it has no plans to notify individuals who are affected, so those concerned will still have to track that information down on their own using the available web-based tools.