There is some speculation that an app developer, not Apple, released the dataset of 12 million device IDs to the FBI. Marco Arment of Instapaper writes on his blog that, “all of this information could have been collected from an app transmitting data to a server… This is exactly the information that an ad network would want to collect. Apple and the carriers probably weren’t involved at all.” He adds that the “popular and free AllClear ID app, related to NCFTA, is a likely culprit,” given the name of the dataset stolen by hackers.
The NCFTA, or National Cyber Forensics and Training Alliance, is a non-profit partner with the FBI whose legal arrangement with the government allows it to hand over information to the FBI. Forbes privacy writer Kashmir Hill writes that NCFTA is not allowed to share names or addresses of people affiliated with the scheme. AllClear ID a free iOS app that aims to protect a user’s identity from fraud; it could not be reached for comment at the time of writing.