The hacker group Antisec released one million Apple UDIDs (Universal Device IDs) to the public today.  The release is part of data captured from an FBI laptop that was compromised back in March.  In addition to the UDIDs, the release includes notification Center tokens, device names, and device IDs.  According to the release on PasteBin, the data has been stripped of any personal information, but the release raises the possibility that device owners, names, and addresses could be traced from this information.

there you have. 1,000,001 Apple Devices UDIDs linking to their users and their APNS tokens.the original file contained around 12,000,000 devices. we decided a million would be enough to release.we trimmed out other personal data as, full names, cell numbers, addresses, zipcodes, etc.not all devices have the same amount of personal data linked. some devices contained lot of info.others no more than zipcodes or almost anything. we left those main columns we consider enough to help a significant amount of users to look if their devices are listed there or not. the DevTokens are included for those mobile hackers who could figure out some use from the dataset.

Another 11 million UDIDs loom out there in the hands of the Antisec group. The information stripped from the release reportedly also includes extensive personal information such as the name, address and contact numbers that correspond to the devices.

How the information was gained is also described in the PasteBin –

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

Thus far, there has been no public response from Apple.  It is also not clear what can be done about devices are included in the release.  The UDID is static and not something designed to be changed.