Hacker group alleges breach of Apple database, posts 'user data' to Web [u]
Hacker group The 1775 Sec, which claimed responsibility for a recent Dropbox outage, took to Twitter on Tuesday announcing a purportedly successful breach of Apple's database.
According to The 1775 Sec's Twitter page, the hacker group conducted the operation in cahoots with the "European Cyber Army" and published the results to website Pastebin.com. The document is highly suspect, however, as are the hacker group's claims.
AppleInsider has verified that some user information is legitimate, but the veracity of other data, such as passwords, email addresses and user names, is questionable. For example, many phone numbers are no longer in service, suggesting the data is old. Another scenario is that the information is not, in fact, from Apple's database and the posts are simply a hoax to garner media attention.
The group first tweeted about the leak a few days ago:
Dropbox maintains the downtime was caused by an internal error during scheduled maintenance and refutes any claims of a security breach.
Apple was most recently the target of an attack in July of 2013 when its developer portal was compromised by "an intruder." In response, Apple took down the website to avoid future attacks and conduct an overhaul of system security. The portal was down for a total of eight days and no sensitive information was leaked.
We have reached out to Apple for comment and will update this story upon receiving a response.
Update: Reader Janne has confirmed that the supposedly "leaked" data is not from Apple's servers, but to an app-related website. The site has been informed of the breach and is making modifications to its security system.
AppleInsider's Victor Lester Marks contributed to this report.
According to The 1775 Sec's Twitter page, the hacker group conducted the operation in cahoots with the "European Cyber Army" and published the results to website Pastebin.com. The document is highly suspect, however, as are the hacker group's claims.
AppleInsider has verified that some user information is legitimate, but the veracity of other data, such as passwords, email addresses and user names, is questionable. For example, many phone numbers are no longer in service, suggesting the data is old. Another scenario is that the information is not, in fact, from Apple's database and the posts are simply a hoax to garner media attention.
The group first tweeted about the leak a few days ago:
In subsequent tweets, 1775 Sec alluded to its involvement in the recent Dropbox outage that put many users out of touch with the service for over one day. This in itself is somewhat suspicious, as the group initially claimed to have successfully hacked Dropbox's database, then changed its story to claim responsibility for a DDoS attack supposedly launched in commemoration of Aaron Swartz's death.We repeatedly warned you Apple Inc... You thought because we faked some Drop Box leaks, that we actually didn't hack you? You made a foolish move Apple! We are the 1775Sec and the European Cyber Army!
Dropbox maintains the downtime was caused by an internal error during scheduled maintenance and refutes any claims of a security breach.
Apple was most recently the target of an attack in July of 2013 when its developer portal was compromised by "an intruder." In response, Apple took down the website to avoid future attacks and conduct an overhaul of system security. The portal was down for a total of eight days and no sensitive information was leaked.
We have reached out to Apple for comment and will update this story upon receiving a response.
Update: Reader Janne has confirmed that the supposedly "leaked" data is not from Apple's servers, but to an app-related website. The site has been informed of the breach and is making modifications to its security system.
AppleInsider's Victor Lester Marks contributed to this report.
Comments
They way they go about it, yes. Any email or tweet with many exclamation marks in it gets send to /dev0 at my end. But that's just me.
There is however a reason hackers get paid for finding security issues at large companies, like Apple. And for good reason; these large companies need expertise on security, may it come from inside or outsourced. It's just pathetic, I think, to hack and then going around tweeting "how great you are". I for one couldn't look myself in the mirror anymore after doing such a thing.
According to the quote, seems like the 12 year old "hackers" are at it again. This is worst than my old high school's cheers
here's my favorite part.. an error message that seems to show that they're using SQLMAP to dump the database for freeappaday.com. hehehe.
Quote:
I took a look at the pastebin - there is not a single @mac.com, ;@me.com or @icloud.com email address on the list.
Hacker group, huh?
they are not hackers, they're lame crackers doing for fun and exposing personal information. We need stronger penalties for crackers who expose personal data about people to the public.
That would be great if you could figure out who did it. Unless they're incredibly stupid, its pretty hard to track down this type of stuff. Plus, if this group is in a country that doesn't really care about this type of stuff what are you going to do?
Yeah, I am with you. I am probably in the minority, here, but these hackers are, technically, criminals. They really want to help, they could do so more discretely. Hack in, contact the attacked with a well written email with some proof. But don't pastebin it out for the world to see.
Looks as if they compromised freeappaday.com and not Apple. The data doesn't look all that valuable since it is just the bare minimum needed to access a free site.
Anyone committing crime should be brought to justice unfortunately most people get away with it !! And there are some people pretend to be hackers ! Unfortunately this is where society is going what can you do?!?