Honesty Is The Best Policy: BlueToad And The Stolen Apple UDIDs

“We have fixed the vulnerability and are working around the clock to ensure that a security breach doesn’t happen again. In doing so, we have engaged an independent and nationally-recognized security assurance company to assist in our ongoing efforts.”

“We sincerely apologize to our partners, clients, publishers, employees and users of our apps. We take information security very seriously and have great respect and appreciation for the public’s concern surrounding app and information privacy.”
Paul DeHart, CEO and President, BlueToad Inc

How refreshing is that?


I’m sure you already know by now that Apple device identifiers were posted to the internet last week. More than one million unique device identifiers (UDIDs) were uploaded by hackers claiming to be part of the Antisec movement, an offshoot of the better-known Anonymous (they sure have been busy lately, huh?). Antisec claimed that the data came from an FBI laptop they had breached back in March, but we now know that isn’t true at all.

Some sterling work by David Schuetz, a security consultant, pointed to another source: BlueToad, a digital publishing company whose apps collected the identifiers. His suspicions ultimately proved right.

After some internal investigation BlueToad released a statement in which they said,

“When we discovered that we were the likely source of the information in question, we immediately reached out to law enforcement to inform them and to cooperate with their ongoing criminal investigation of the parties responsible for the criminal attack and the posting of the stolen information.”

For now at least, it would appear that the leak is laid solely at the feet of BlueToad and that there is no longer any suggestion that the data came from the FBI at all. What’s refreshing here is how responsibly BlueToad appears to have behaved in this instance. I personally think that once a breach has occurred the bulk of the damage is done. Even so, many companies are extremely reticent about admitting what has happened and how. In this case I can see that BlueToad may well retain a huge amount of goodwill from its customer base thanks to its quick response and honesty in this matter.

The cost of getting hacked can be huge from the outset as Jeffrey mentions here in regard to incident response charges:

But there is a longer-term cost too. I don’t know about you, but I wouldn’t give my custom to a company that hid, or misled the public about, the security issues it had experienced.

+1 to BlueToad for doing the right thing.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
