Three Apple internal tools allegedly stolen following June server breach

in General Discussion

A threat actor is claiming to have leaked source code for three internal Apple tools, in a supposed breach that Apple has yet to confirm actually happened.

A brightly lit data center corridor with rows of server racks on both sides, featuring blue and green lights and visible cables.
Servers in a data center

Apple prides itself on being security-focused and being willing to defend the privacy of customers. However, it is claimed that it was the victim of a breach earlier in June.

In a post by DarkWebInformer on X, the threat actor IntelBroker has allegedly leaked code from Apple. Posted to a hacker forum, it is alleged that the post contains the "internal source code" to three of Apple's "commonly used tools" for internal purposes.

The three tools are identified as AppleConnect-SSO, Apple-HWE-Confluence-Advanced, and AppleMacroPlugin.

Of the three tools, the first is to allow employees to authenticate and access other applications used on Apple's internal network. However, it is a deprecated tool, and has been for a few years.

Apple-HWE-Confluence-Advanced is a similar tool that has been deprecated, while also requiring employee authentication. However, little is known about either it or AppleMacroPlugin's range of capabilities.

The forum post by IntelBroker offers no other real details, nor motives for the shared apps. Usually in major breaches, there are offers to sell data, which could include source code, but that doesn't appear to be the case here.

AppleInsider has contacted Apple for clarification.

The claimed breach arrives shortly after IntelBroker made other claims about AMD, including selling data supposedly pulled from an AMD breach from June. In that case, the data trove allegedly contained information about future AMD products, employee and customer databases, and finance information.

AMD has started to investigate whether the attack actually took place.

Read on AppleInsider


  • Reply 1 of 4
    MacProMacPro Posts: 19,787member
    I wonder whose servers this code resided on? 
  • Reply 2 of 4
    gatorguygatorguy Posts: 24,388member
    MacPro said:
    I wonder whose servers this code resided on? 
    It appears to be data stored on Apple's own servers utilized for, internal use stuff, not the iCloud user data that might be stored with Amazon and Google. 
    edited June 20 muthuk_vanalingam9secondkox2
  • Reply 3 of 4
    Well that doesn't sound useful.

    What REALLY needs to leak is their parts pairing software.  It would be incredibly useful to break that nonsense.
  • Reply 4 of 4
    9secondkox29secondkox2 Posts: 2,907member
    Difficult to lock things down when a lot of your stuff is in the hands of companies thst can’t wait to watch you burn. 
Sign In or Register to comment.