Hackers claims Apple online data was compromised

One group, Anonymous, said that Apple could be its target, but it was now busy elsewhere

A list of 27 user names and encrypted passwords apparently for an Apple website was posted to the Internet over the weekend along with a warning from hacker group Anonymous that the Cupertino-based computer maker could be a target of its attacks.

The list was posted to the Pastebin website, a hosting site for text files, by an unidentified user under the title "Not Yet Serious." It wasn't immediately clear if the user was allied with the Anonymous hacking group, but the existence of the file became widely known after Anonymous linked to it in a Twitter message.

"Not being so serious, but well," the message read before linking to the PasteBin page. "Apple could be target, too. But don't worry, we are busy elsewhere," the message said.

The data appears to be a set of user names and encrypted passwords from an SQL database for an online survey at the Apple Business Intelligence website. The site is currently offline.

Apple did not immediately respond to a request for comment.

In an apparently unrelated posting, a Lebanese grey-hat hacker called idahc_hacker said he had found vulnerabilities on another Apple website. The SQL injection and iFrame code attacks can be used by hackers to gain unauthorized access to data.

Grey hat hackers do not typically hack for malicious purposes and the Lebanese hacker did not post and data obtained from the site.

In pointing out the hacks, he said he was not part of Anonymous or LulzSec, an allied group that disbanded recently.

The Anonymous hacking group has been running an operation "Antisec" against government, law enforcement and corporations for some weeks now. A supporter of the group recently encouraged workers in "corrupt" companies and governments to also leak data. A website called HackerLeaks has been set for the purpose by Peoples Liberation Front, an ally of Anonymous. It is styled on the lines of whistle-blowing site WikiLeaks.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is john_ribeiro@idg.com

Join the CSO newsletter!

Error: Please check your email address.

Tags AnonymousApplesecurity

More about AppleIDG

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Ribeiro

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts