Apple iOS Jailbreak backdoors hidden in tweaks lead to 220,000 iCloud Accounts Being Hacked
It seems that at least 220,000 iCloud accounts have been hacked due to a backdoor implemented in jailbroken iPhones and iPads. These backdoors are implemented only on jailbroken Apple devices through some shady tweaks that users installed.
Chinese website, WooYun has reported thatย iCloud account details, including email addresses and passwords of nearly 220,000 iCloud users who also use jailbroken iPhones or iPads been breached.
The iCloud hack was also reported by redditor,ย mahmoodmaย and on Chinese microblogging website, Weibo.
WooYun is an information security platform where researchers report vulnerabilities and vendors give their feedbacks.
Thatโs why I got a shady email yesterday which asked me to unlock my apple is maybe?
Its in German and it links me to a shady site which wants my data cc and all this stuff.
And no, its not locked ๐
Email in German:
Ihre Apple-ID ([email protected]) wurde verwendet, um sich auf einem iPhone 4s mit dem Namen โTarkan iPhoneโ bei FaceTime und iMessage anzumelden. Datum und Zeit: 25. August 2015, 04:57 Uhr CEST Um unauthorisierte Verwendung Ihres Kontos vorzubeugen, wurde Ihre Apple-ID automatisch gesperrt. Sie kรถnnen erst wieder auf Software-Updates, iTunes Store, iCloud oder den Apple-Store zugreifen, wenn Sie Ihre Apple-ID entsperren. Um Ihre Apple-ID zu entsperren klicken Sie hier. Dies ist eine automatische Nachricht. Bitte antworten Sie nicht auf diese E-Mail. Mit freundlichen Grรผรen Apple Support
Tranlation :ย Your Apple ID ([email protected]) was used to log on an iPhone 4s with the name “iPhone Tarkan” FaceTime and iMessage. Date and Time: August 25 2015 04:57 EDT clock To prevent unauthorized use of your account, your Apple ID is automatically disabled. You can only again to access software updates, iCloud iTunes Store or the Apple store when you unlock your Apple ID. To unlock your Apple ID, click here. This is an automatic message. Please do not reply to this email. Sincerely Apple Support
mahmoodma has also posted proof of iCloud credentials which are leaked (user name has been blurred)
- Enable 2 Factor Authentication for your iCloud Account
- Do not install jailbreak tweaks from unknown and untrusted sources
- Do not use unknown tweaks or apps.