Bureau of incompetence

A hacker group claims to have obtained personal data from 12million Apple iPhone and iPad users by breaching an FBI computer, raising concerns about government tracking.

The group called AntiSec, linked to the hacking collective known as Anonymous, posted one million Apple user identifiers claimed to be part of a larger group of 12million, purportedly obtained from an FBI laptop.

FBI spokesman Jenny Shearer said: "We're not commenting."

Peter Kruse, an e-crime specialist with CSIS Security Group in Denmark, said on Twitter that the leak "is real" and that he confirmed three of his own devices in the leaked data.

"Also notice that they claim to have full names, addresses, phone numbers etc ... Big ouch!" he tweeted.

Eric Hemmendinger, a security expert with Tata Communications, said the report raised concerns about the protectors of cyber security.

"The question is not whether it's accurate, it is why did the Feds [FBI] have the information and why did they not take due care to secure it," he said.

Hemmendinger said that, based on past reports from Anonymous and related groups, he believed the report was probably true.

Apple did not immediately respond to a request for comment.

The tech blog Geekosystem called it "one of the worst privacy disasters yet" and various Twitter comments said the news suggested the FBI was tracking Apple users.

One website set up a database to help users determine if their device was on the hacked list of Apple unique device IDs.

"Quite why the FBI was collecting the unique device IDs and personal information of millions of iPhone and iPad users is not yet clear - but it's obvious that the data [and the computer it was apparently stored on] was not adequately secured," said Graham Cluley of the British security firm Sophos.

"My suspicion is that the hackers were more interested in embarrassing the FBI's team than endangering innocent users. All the same, hacking into computers is a criminal act - and I would anticipate that the FBI and other law-enforcement agencies will be keen to hunt down those responsible."

Others expressed concern about the apparent leak.

"The bigger issue, however, is that they were tied to additional personal information, including user names, device names, notification tokens, cellphone numbers and addresses, that could potentially lead to identity theft," said Josh Ong on the technology blog The Next Web.

Johannes Ullrich of the SANS Internet Storm Center said it was difficult to verify the report.

"The significance of this breach very much hinges on the source which, as far as I know, hasn't been authenticated yet. The data is, however, real based on some of the reports that people do find their own user device ID in the file."