To cap off a summer of devastating corporate data breaches, hackers on Monday posted online what might be the crown jewel of data dumps: 1 million identification numbers for Apple iPhones, iPads and iPod Touch's, all purportedly stolen from the FBI.

Even worse, there may be 11 million more Apple device IDs yet to be released, many with full user names, addresses and telephone numbers attached.

"Why exposing [sic] this personal data?" asked the unnamed writer of the Pastebin posting announcing the data dump, who claimed to be affiliated with the anti-government hacktivist group AntiSec. "Well, we have learnt it seems quite clear nobody pays attention if you just come and say 'Hey, FBI is using your device details and info and who the [expletive] knows what the hell are they experimenting with that," well sorry, but nobody will care."

Apple unique device identification numbers (UDIDs) establish a single iOS device's identity in the Apple ecosystem, letting iTunes and app developers know which device is running what. It's what locks most iOS devices into installing only software from the iTunes App Store, and what lets game developers keep track of each user's high score.

The 88-megabyte file posted by AntiSec on several file-sharing sites is heavily encrypted, but the Pastebin posting offers detailed instructions for decrypting it using open-source software.

To check whether your iPhone, iPad or iPod Touch's UDID might be among those affected, a Unix developer based in Florida has already posted a tool: http://kimosabe.net/test.html

Apple UDIDs can be found by plugging a device into a computer, opening iTunes and clicking on the device serial number displayed.

Mac-centric website MacOS Rumors has verified that many of the UDIDs in the data dump are genuine, but notes that "UDIDs themselves are rather harmless in isolation."

However, New Zealand-based security researcher Aldo Cortesi has shown that thanks to disregard of Apple's security guidelines by iOS game and app developers, it's possible to determine a user's identity through an UDID alone.

The Pastebin post claims that the UDIDs were stolen thanks to an Anonymous hack into the laptop of FBI agent Christopher Stangl, a member of a New York-based cybercrime task force.

Stangl has spoken publicly on matters of cybersecurity, appearing in February 2011 on a panel discussion on cybercrime attended by SecurityNewsDaily. He was among 44 American and European law-enforcement personnel copied on an email sent in January 2012 inviting recipients to join a conference call to discuss efforts against the hacktivist groups Anonymous and LulzSec.

Anonymous intercepted the email and used it to eavesdrop on and record the conference call, which they then posted online in February 2012.

According to yesterday's Pastebin post, hackers used a then-new Java exploit to get into Stangl's machine.

"During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java," the posting states. "During the shell session some files were downloaded from his Desktop folder one of them with the name of 'NCFTA_iOS_devices_intel.csv' turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts."

"No other file on the same folder makes mention about this list or its purpose," adds the writer of the Pastebin post.

"CSV" is the Windows filetype associated with a list of comma-separated values, which separate database entries with a comma and can be read by Microsoft Excel and many other applications.

"NFCTA" may refer to the National Cyber-Forensics & Training Alliance, a Pittsburgh-based non-profit organization that, in its own words, "functions as a conduit between private industry and law enforcement with a core mission to identify, mitigate and neutralize cybercrime."

It is not clear why an FBI agent would have a database of 12.4 million iOS device UDIDs on his laptop, nor why the NFCTA would have provided them to him.

Copyright 2012 SecurityNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.