In describing the theft from its servers, BlueToad downplayed the risk to information types other than UDIDs.

"BlueToad does not collect, nor have we ever collected, highly sensitive personal information like credit cards, social security numbers or medical information," DeHart said. "The illegally obtained information primarily consisted of Apple device names and UDIDs -- information that was reported and stored pursuant to commercial industry development practices."

Over the past several years, iOS app developers have used UDIDs to identify and track devices in their systems. Some of them associated UDIDs with other information about device owners and even used these identifiers for user authentication.

Because of the privacy concerns associated with these practices, Apple has started to phase out the use of UDIDs. Since March, the company no longer accepts App Store submissions for apps that access UDIDs.

Bluetoad followed Apple's recommendation, and its new apps no longer report UDIDs back to the company's servers, DeHart said. "We have now also discontinued storing any UDID information sent to our servers by apps that have not yet been updated to the new code base."