Apple user leak 'came from Florida publishing company' - not FBI

App publisher Blue Toad claims that it - not FBI agent Christopher K. Stangl - was responsible for Apple user data leak

The CEO of a small Florida publishing company has suggested that it was the source of a leak of one-million-plus Apple users' personal details, which hacking group Anonymous had attributed to the compromised Dell laptop of FBI agent Christopher K. Stangl.

The chief executive of publisher Blue Toad, Paul De Hart, has told NBC News in the US that the data was downloaded from its website two weeks ago, just before Anonymous went public with its claims.

DeHart told the news channel that technicians from the company had compared the data subset released by Anonymous with the data the company believes was downloaded from its own compromised servers and found a 98 per cent correlation between the two sets of data.

The data links the unique identifier (UDID) of Apple users' iPhones, iPads and iPod Touch devices with information retained by Apple and made available to app developers and other companies.

Anonymous had claimed that it acquired the data as a result of a successful attack on Stangl's Vostro Dell laptop in March 2012, which they compromised using a security flaw in Oracle Java.

"As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this," DeHart told NBC News.

However, DeHart admitted that the data on the company's servers might also have been shared with other organisations.

The FBI denied Anonymous's claims, while Apple declined to respond to press questions. Apple did, however, put up a spokesperson for NBC News.

"As an app developer, Blue Toad would have access to a user's device information such as UDID, device name and type," Trudy Mullter told NBC News on Monday. "Developers do not have access to users' account information, passwords or credit card information, unless a user specifically elects to provide that information to the developer."

According to DeHart, the company only realised that it might be the source of the leak when a security researcher, called David Schuetz, contacted it.

Schuetz, a consultant with New York-based Intrepidus Group, said that he deduced that Blue Toad might be the source of the leak after examining the data and finding frequent references to Blue Toad, including numerous devices that had names suggesting that they belonged to Blue Toad or Blue Toad staff.

However, he admitted, that out of one million devices, just 19 were identified as Blue Toad.