A hacker group has claimed to have obtained personal data from 12 million Apple iPhone and iPad users by breaching
a Federal Bureau of Investigation (FBI) computer, raising concerns about government tracking.
The group called AntiSec, linked to the hacking collective known as Anonymous, posted one million Apple user identifiers on Monday purported to be part of a larger group of 12 million obtained from an FBI laptop.
In the posting, AntiSec said the original file “contained around 12,000,000 devices” and that “we decided a million would be enough to release”.
The group said it “trimmed out other personal data as, full names, cell numbers, addresses, zipcodes, etc”.
Contacted by AFP news agency, FBI spokeswoman Jenny Shearer said: “We’re not commenting.”
It also raises question over why the FBI had held the details of consumers of Apple products.
Apple also did not immediately respond to a request for comment.
One website set up a database to help users determine if their device was on the hacked list of Apple unique device IDs (UDIDs).
“Quite why the FBI was collecting the UDIDs and personal information of millions of iPhone and iPad users is not yet clear – but it’s obvious that the data (and the computer it was apparently stored on) was not adequately secured,” said Graham Cluley of the British security firm Sophos.
The hacker group said it posted the information to draw attention to Apple’s practices which allow users to be tracked.
“We never liked the concept of UDIDs since the beginning indeed. Really bad decision from Apple,” it said.
Hacker and computer security expert, Jason Moon told Al Jazeera: “I think we should be very concerned”.
He said: “If the intelligence agencies are going to spy on their own citizens and retain this kind of personal information it’s very worrying that hacker can get their hands on”.
“Our enemies can get their hands on it just as easily then…So it’s kind of like doing the spying for our enemy in a sense”, he added.
“If they are going to be this negligent with the way the information is secured keeping it all in one place in the manner that they did, it’s really disturbing.”
The cyber incursion set social networking sites aflutter with technology bloggers questioning consumer privacy.
Peter Kruse, an e-crime specialist with CSIS Security Group in Denmark, confirmed on Twitter that the leak “is real” and that three of his own devices had been included.
He tweeted: “Also notice that they claim to have full name, addresses, phone numbers etc… Big ouch!”
A security expert with Tata Communications, Eric Hemmendinger, said: “The question is not whether it’s accurate, it is why did the feds have the information and why did they not take due care to secure it”.
“If you work in cybersecurity and your machine gets hacked, that’s a pretty embarrassing scenario,” he added.