The hackers released 1 million of the numbers online and said their findings demonstrated how the FBI was using citizens' smartphone data to spy on them.
But Apple and the FBI denied leaking the information. And now, a little-known publisher says his company was the source of the leak -- not the FBI or Apple -- and he apologizes.
Paul DeHart, chief executive of Blue Toad publishing company, told NBC News that after analyzing data released by the hackers and his firm's own servers, the two data sets are nearly identical, suggesting the leak came from his company.
DeHart said he does not know who stole the data from his company or whether it had been shared with anyone else. He said the data had been stolen "in the past two weeks."
"We're pretty apologetic to the people who relied on us to keep this information secure," he told NBC News.
The report appears to discredit the claim made by the hackers last week that an FBI agent was keeping millions of Unique Device Identifiers, or UDIDs, on his laptop.
UDIDs are 40-character sequences of letters and numbers specific to each Apple mobile device and are often used by app developers to track users' behavior.
Experts said the leak of the IDs posed little security risk unless hackers combined the numbers with other pieces of personal information about the device owners.
Based in Orlando, Fla., BlueToad says on its website that it works with more than 5,000 publishers. The company calls itself "the leading technology provider in the digital publishing industry."