1,000,001 UDIDs released from the 12,000,000 claimed to be in the original file. Looks likely that these were given to (or acquired by) the FBI through an App developer.
Others claim it was a java 0day job http://erratasec.blogspot.dk/2012/09/how-fbi-mightve-been-owned-12m-apple.html.
That link discusses how the data was stolen from the FBI, not how the FBI acquired the data in the first place. It’s very likely that the hackers used one of the Java exploits to take over the machine.
Oh, yes. You are right. I misread your comment, sorry. I can add to the story that a Danish security company confirmed the data to seem vaild: http://translate.google.com/translate?sl=da&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.csis.dk%2Fda%2Fcsis%2Fblog%2F3634%2F (Google Translate of http://www.csis.dk/da/csis/blog/3634/).
More info on the orgin of the data: http://www.nytimes.com/2012/09/11/technology/company-says-it-not-fbi-was-hacking-victim.html?_r=2
http://dazzlepod.com/apple/ has a search to see if your UDID is listed