Never miss an update Follow AppleInsider
Monday, July 04, 2011, 09:30 am
Hackers access Apple server with small amount of survey data
A group of hackers this weekend posted a list of 27 usernames and passwords culled from surveys hosted on an Apple Business Intelligence website.The group of hackers known as "AntiSec" were responsible for the alleged security breach and posting of usernames and passwords, according to The Wall Street Journal. The data was posted over the weekend on the official Twitter account of the group, which is comprised of members of the vigilante group "Anonymous" as well as hackers from the defunct "Lulz Security."
The data released by the group includes 27 usernames and encrypted passwords taken from an SQL database from an online survey hosted by Apple. The security breach does not involve Apple's popular iTunes Store or the 225 million accounts and credit cards associated with it.
"#Apple could be target, too," the group wrote on its Twitter account on Sunday, along with a link to the short list of usernames and passwords. "But don't worry, we are busy elsewhere."
A number of high-profile companies have recently been the target of groups like "AntiSec" and "LulzSec." Most prominently, Sony was forced to take its PlayStation Network offline for a lengthy period of time after hackers breached its servers and obtained data including usernames, passwords, names, addresses, and potentially even credit card data.
Other victims of "LulzSec" include the FBI, the CIA, AT&T, and the Arizona Department of Public Safety. The group of loosely associated hackers claimed to have disbanded last month, though other operations like "AntiSec" have picked up where they left off.
Apple bolstered the security of its "Apple ID" accounts associated with iTunes and App Store purchases last year after its online forums were hacked. iTunes accounts have also been targeted for fraud, though a large-scale breach of usernames and passwords similar to Sony's PSN woes has never occurred.
On Topic: General
- Editorial: Apple's billions are building an empire for the future
- Review: AL13 raises the bar for iPhone bumper design
- Song skipping feature in Apple's 'iRadio' reportedly holding up Sony deal
- Music service's structure, plus Apple's culture, holding up 'iRadio' service
- Apple fixes MacBook Air crashing issue in critical firmware update
Previous Comments View All
Until Apple confirms the hack I will consider this merely bragging by the script kiddie group. If the report turns out to be true, including the number of reported usernames and passwords, then is this really news worthy? Unfortunately, because it is Apple, this will be plastered all over the internet. We will see dozens of hit pieces raking Apple over the coals, advising people to dump Apple products, analyzing Apple's failure to protect its customers, predicting that iCloud will fail because of this incident. Of course the usual suspects who troll Apple centric forums will have a field day.
Have I missed anything in my predicted responses?
Quote:
Originally Posted by irnchriz 
Were these details actually stored by Apple? Normally Apple emily the services of a 3rd party to carry out online surveys etc.
Were these details actually stored by Apple? Normally Apple emily the services of a 3rd party to carry out online surveys etc.
That's what I was wondering. Was this really an Apple breach or that of a company that was doing something for Apple
Quote:
Originally Posted by lkrupp
Until Apple confirms the hack I will consider this merely bragging by the script kiddie group. If the report turns out to be true, including the number of reported usernames and passwords, then is this really news worthy? Unfortunately, because it is Apple, this will be plastered all over the internet. We will see dozens of hit pieces raking Apple over the coals, advising people to dump Apple products, analyzing Apple's failure to protect its customers, predicting that iCloud will fail because of this incident. Of course the usual suspects who troll Apple centric forums will have a field day.
Have I missed anything in my predicted responses?
Until Apple confirms the hack I will consider this merely bragging by the script kiddie group. If the report turns out to be true, including the number of reported usernames and passwords, then is this really news worthy? Unfortunately, because it is Apple, this will be plastered all over the internet. We will see dozens of hit pieces raking Apple over the coals, advising people to dump Apple products, analyzing Apple's failure to protect its customers, predicting that iCloud will fail because of this incident. Of course the usual suspects who troll Apple centric forums will have a field day.
Have I missed anything in my predicted responses?
Other than the detail that it is just as likely to happen without any details just like with the whole location fuss, the iphone 4 antenna flaw, the FCPX is utter crap and 'everyone' says so etc
Quote:
Originally Posted by lkrupp
Have I missed anything in my predicted responses?
Have I missed anything in my predicted responses?
People who hear the shrillness could start taking their credit card details out of iTunes, which would be a disaster for Apple. Obviously this was a separate system, but you can't expect a layman to make such distinctions.
Quote:
Originally Posted by irnchriz
Were these details actually stored by Apple? Normally Apple emily the services of a 3rd party to carry out online surveys etc.
Were these details actually stored by Apple? Normally Apple emily the services of a 3rd party to carry out online surveys etc.
This was also my first thought.
Quote:
The data released by the group includes 27 usernames and encrypted passwords
This caught my eye; the fact that they pulled encrypted passwords means nothing. Passwords stored in databases SHOULD be encrypted so if they are stolen (like in this case) they are useless. Trying to log in with an encrypted password would cause re-encryption of the user-entered password, thus breaking it rendering the stolen information useless. If other sensitive data is stolen (CCs, addresses, phone numbers), however, that would be a big deal.
Quote:
Originally Posted by Nobodyy
This was also my first thought.
This caught my eye; the fact that they pulled encrypted passwords means nothing. Passwords stored in databases SHOULD be encrypted so if they are stolen (like in this case) they are useless. Trying to log in with an encrypted password would cause re-encryption of the user-entered password, thus breaking it rendering the stolen information useless. If other sensitive data is stolen (CCs, addresses, phone numbers), however, that would be a big deal.
This was also my first thought.
This caught my eye; the fact that they pulled encrypted passwords means nothing. Passwords stored in databases SHOULD be encrypted so if they are stolen (like in this case) they are useless. Trying to log in with an encrypted password would cause re-encryption of the user-entered password, thus breaking it rendering the stolen information useless. If other sensitive data is stolen (CCs, addresses, phone numbers), however, that would be a big deal.
Looks to all be the system user names, not usually encrypted, but everything else is. So not much of a story.
Quote:
Originally Posted by irnchriz
...Normally Apple emily the services ...
...Normally Apple emily the services ...
uhh... what?
Quote:
Originally Posted by DrDoppio
uhh... what?
uhh... what?
He said Apple emily the services....
Quote:
Originally Posted by jacobo007
He said Apple emily the services....
He said Apple emily the services....
Thanks, that makes sense.
NOT!
Quote:
Originally Posted by DrDoppio
Thanks, that makes sense.
Thanks, that makes sense.
I believe that irnchriz meant to say that Apple elizabeth the services. An easy mistake to make.
Latest Apple Headlines
-
Editorial: Apple's billions are building an empire for the future
~59 minutes ago -
Review: AL13 raises the bar for iPhone bumper design
~12 hours ago -
10M Samsung flagship phones in 28 days a 'record,' 5M iPhone 5 in 3 days 'disappointing'
~21 hours ago -
Song skipping feature in Apple's 'iRadio' reportedly holding up Sony deal
~1 day ago -
Apple yanks 'Bang with Friends' app from iOS App Store
~1 day ago - more...
Lowest Prices Anywhere!
| Model | Price | You Save |
|---|---|---|
| Core i5 MacBook Pros w/ Retina | ||
| 13" 2.5GHz/8GB/128GB | $1,406.48 | $292.52 |
| 13" 2.5GHz/8GB/256GB | $1,479.99 | $519.01 |
| 13" 2.5GHz/8GB/512GB | $1,699.99 | $799.01 |
| Core i7 MacBook Pros w/ Retina | ||
| 13" 2.9GHz/8GB/256GB | $1,599.99 | $599.01 |
| 13" 2.9GHz/8GB/512GB | $1,799.99 | $899.01 |
| 15" 2.3GHz/8GB/256GB | $1,899.99 | $299.01 |
| 15" 2.6GHz/8GB/512GB | $2,299.99 | $568.01 |
| 15" 2.7GHz/16GB/768GB | $2,699.99 | $499.01 |
| Model | White | Black | |
|---|---|---|---|
| iPad mini (WiFi only) | |||
| 16GB WiFi |  |
$329.99 | $329.99 |
| 32GB WiFi | |
$429.99 | $429.99 |
| 64GB WiFi | |
$529.99 | $529.99 |
| iPad mini (WiFi + 4G) | |||
 |
 |
 |
|
| 16GB 4G White | $459.99 | $459.99 | $459.99 |
| 32GB 4G White | $559.99 | $559.99 | $559.99 |
| 64GB 4G White | $659.99 | $659.99 | $659.99 |
| 16GB 4G Black | $459.99 | $459.99 | $459.99 |
| 32GB 4G Black | $559.99 | $559.99 | $559.99 |
| 64GB 4G Black | $659.99 | $659.99 | $659.99 |
A group of hackers this weekend posted a list of 27 usernames and passwords culled from surveys hosted on an Apple Business Intelligence website.
The group of hackers known as "AntiSec" were responsible for the alleged security breach and posting of usernames and passwords, according to The Wall Street Journal. The data was posted over the weekend on the official Twitter account of the group, which is comprised of members of the vigilante group "Anonymous" as well as hackers from the defunct "Lulz Security."
The data released by the group includes 27 usernames and encrypted passwords taken from an SQL database from an online survey hosted by Apple. The security breach does not involve Apple's popular iTunes Store or the 225 million accounts and credit cards associated with it.
"#Apple could be target, too," the group wrote on its Twitter account on Sunday, along with a link to the short list of usernames and passwords. "But don't worry, we are busy elsewhere."
A number of high-profile companies have recently been the target of groups like "AntiSec" and "LulzSec." Most prominently, Sony was forced to take its PlayStation Network offline for a lengthy period of time after hackers breached its servers and obtained data including usernames, passwords, names, addresses, and potentially even credit card data.
Other victims of "LulzSec" include the FBI, the CIA, AT&T, and the Arizona Department of Public Safety. The group of loosely associated hackers claimed to have disbanded last month, though other operations like "AntiSec" have picked up where they left off.
Apple bolstered the security of its "Apple ID" accounts associated with iTunes and App Store purchases last year after its online forums were hacked. iTunes accounts have also been targeted for fraud, though a large-scale breach of usernames and passwords similar to Sony's PSN woes has never occurred.
Were these details actually stored by Apple? Normally Apple employ the services of a 3rd party to carry out online surveys etc.