The FBI is disputing a hacker group's claim that it stole personal identification data of more than a million Apple device owners from an FBI agent's laptop.
Apple has not yet responded to repeated requests for comment, but the FBI has said that it never asked for and never possessed the list that the group, which is affiliated with the AntiSec movement, has posted on a website.
The group released a link to a text file containing more than a million Apple device identification numbers.
The identification data includes Apple devices' Unique Device IDs (UDIDs), which New Zealand coder and security consultant Aldo Cortesi has repeatedly warned is a ticking privacy time-bomb. According to Cortesi, many iOS applications regularly send the UDIDs to servers on the internet and often over insecure communication channels.
Cortesi's own experiments found that many companies, especially those in the social gaming ecosystem, are abusing the use of UDIDs in a manner that could result in serious privacy breaches. At the time of one of his experiments, he found that certain social gaming sites would allow attackers to log in with the knowledge of a stolen UDID alone.
"Some of the companies mentioned in my posts still have unfixed problems (they were all notified well in advance of any publication)," Cortesi wrote on his site yesterday.
"When speaking to people about this, I've often been asked 'What's the worst that can happen?' My response was always that the worst case scenario would be if a large database of UDIDs leaked ... and here we are."