Universally unique identifier

(also UUID, globally unique identifier)

Universally unique identifier definition

A universally unique identifier (UUID) is a 128-bit number, generated by an algorithm, that uniquely identifies a piece of data. It is typically written as five groups of hexadecimal digits separated by hyphens, for example 123e4567-e89b-12d3-a456-426655440000. The value of a UUID is built from the device’s network address, a timestamp, and an arbitrary component, and this combination makes each UUID unique. UUIDs serve various purposes in computer systems, including database keys, file systems, distributed systems, and web applications. Although a UUID is hard to predict, it is still vulnerable to hacking and manipulation, which can happen because of a hash collision or when hackers use tools that exploit the UUID’s finite size to guess values.

Preventing UUID hacking

  • Use a secure random number generator. You can use a cryptographically secure random number generator to ensure hackers find UUIDs difficult to guess.
  • Utilize a robust UUID algorithm. Stronger algorithms come with a cryptographically safe PRNG that decreases the possibility of a collision. For instance, a Version 4 UUID is a purely random number, making it less susceptible to attacks than other versions with timestamps and predictable data.
  • Regularly rotate UUIDs. Doing so will help you prevent unauthorized access and session hijacking attacks.
  • Avoid exposing UUIDs. You should not reveal UUIDs in URLs or other public-facing data to prevent or reduce hacking and manipulation.
  • Monitor for unusual UUID activity. Large numbers of UUIDs or unusual patterns in UUIDs are red flags and should raise concerns.
  • Don’t rely on the UUID for protection. Attackers can guess UUIDs, which may grant them access to sensitive information, such as login credentials. It is better to implement additional security measures, such as SSL encryption, threat managers, and two-factor authentication.
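
To illustrate the difference between Version 4 and timestamp-based UUIDs mentioned in the list above, the following added example (not code from the original page) audits identifiers your own application issues and reports which fields a Version 1 value reveals. The names `audit_uuid`, `new_token_uuid` and the sample values are assumptions made for illustration; the first sample is the UUID quoted in the definition, the others are constructed.

```python
import secrets
import uuid
from datetime import datetime, timedelta, timezone

# Version 1 timestamps count 100-nanosecond intervals from this date.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def audit_uuid(value):
    """Describe what a UUID string reveals about how it was generated."""
    u = uuid.UUID(value)  # raises ValueError on malformed input
    report = {"uuid": str(u), "version": u.version, "embedded": {}}
    if u.variant != uuid.RFC_4122:
        report["verdict"] = "unknown layout, review the generator"
    elif u.version == 1:
        issued = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
        report["embedded"] = {
            "issued_at": issued.isoformat(),  # creation time is readable
            "node": f"{u.node:012x}",         # usually the network address
            "clock_seq": u.clock_seq,
        }
        report["verdict"] = "predictable: timestamp and node are embedded"
    elif u.version == 4:
        report["verdict"] = "random: no embedded fields"
    else:
        report["verdict"] = "not random, review the generator"
    return report


def new_token_uuid():
    """Build a Version 4 UUID directly from the operating system CSPRNG."""
    return uuid.UUID(bytes=secrets.token_bytes(16), version=4)


# Sample input: the page's example plus two constructed values.
SAMPLES = [
    "123e4567-e89b-12d3-a456-426655440000",
    "00000000-0000-1000-8000-0242ac110002",  # constructed Version 1
    str(new_token_uuid()),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_uuid(sample))
```

Running the audit over identifiers already stored in a database shows whether any were produced by a timestamp-based generator and should be replaced with random ones.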