| After reading through that blog post it seems that David himself still has some serious doubts as to whether Bluetoad was the source of the breach. Reading through his analysis, it almost seems that he may have fallen victim to log file pareidolia as he doesn't make it clear how a device named "Hutch" or one named "Paul’s gift to Brad" a anything more than coincidences in a very large data set. Doing some quick analysis of the file shows that there is a UDID that has the alternate names; "Hutch Hicken" (Bluetoad CTO), "Bluetoad Support" and "Customer Service iPad" among others, but could this also be representative of an older iPad that has been a pass-me down through the company? Somewhat more interesting and possibly more revealing are the UDIDs 'ffffffffffffffffffffffffffffffffffffffff' (occurring three times) and the small number of records not conforming to the field size and format of other records (UDIDs > 42 characters, no APNS, device/iOS version number as fourth field). For anyone interested the following ugly and slow one-liner will print out a summary of non-unique UDIDs along with their APNS and names. perl -F, -lane '$a{$F[0]}{$F[1]}=$F[2]; END { foreach $k (keys %a) {next unless ~~ keys %{$a{$k}} > 2; print "\nUDID : $k"; foreach $d (keys %{$a{$k}}){print "\t-> $d : $a{$k}{$d}"} } }' data
|
If that is the case, it would be a pretty striking coincidence for it to be someone else.