Katie Marsal
The group of hackers known as "AntiSec" were responsible for the alleged security breach and posting of usernames and passwords, according to The Wall Street Journal. The data was posted over the weekend on the official Twitter account of the group, which is comprised of members of the vigilante group "Anonymous" as well as hackers from the defunct "Lulz Security."
The data released by the group includes 27 usernames and encrypted passwords taken from an SQL database from an online survey hosted by Apple. The security breach does not involve Apple's popular iTunes Store or the 225 million accounts and credit cards associated with it.
"#Apple could be target, too," the group wrote on its Twitter account on Sunday, along with a link to the short list of usernames and passwords. "But don't worry, we are busy elsewhere."
A number of high-profile companies have recently been the target of groups like "AntiSec" and "LulzSec." Most prominently, Sony was forced to take its PlayStation Network offline for a lengthy period of time after hackers breached its servers and obtained data including usernames, passwords, names, addresses, and potentially even credit card data.
Other victims of "LulzSec" include the FBI, the CIA, AT&T, and the Arizona Department of Public Safety. The group of loosely associated hackers claimed to have disbanded last month, though other operations like "AntiSec" have picked up where they left off.
Apple bolstered the security of its "Apple ID" accounts associated with iTunes and App Store purchases last year after its online forums were hacked. iTunes accounts have also been targeted for fraud, though a large-scale breach of usernames and passwords similar to Sony's PSN woes has never occurred.
AppleInsider Staff
Chip Loder
Christine McKee
Malcolm Owen
William Gallagher
Andrew Orr
73 Comments
A group of hackers this weekend posted a list of 27 usernames and passwords culled from surveys hosted on an Apple Business Intelligence website.
The group of hackers known as "AntiSec" were responsible for the alleged security breach and posting of usernames and passwords, according to The Wall Street Journal. The data was posted over the weekend on the official Twitter account of the group, which is comprised of members of the vigilante group "Anonymous" as well as hackers from the defunct "Lulz Security."
The data released by the group includes 27 usernames and encrypted passwords taken from an SQL database from an online survey hosted by Apple. The security breach does not involve Apple's popular iTunes Store or the 225 million accounts and credit cards associated with it.
"#Apple could be target, too," the group wrote on its Twitter account on Sunday, along with a link to the short list of usernames and passwords. "But don't worry, we are busy elsewhere."
A number of high-profile companies have recently been the target of groups like "AntiSec" and "LulzSec." Most prominently, Sony was forced to take its PlayStation Network offline for a lengthy period of time after hackers breached its servers and obtained data including usernames, passwords, names, addresses, and potentially even credit card data.
Other victims of "LulzSec" include the FBI, the CIA, AT&T, and the Arizona Department of Public Safety. The group of loosely associated hackers claimed to have disbanded last month, though other operations like "AntiSec" have picked up where they left off.
Apple bolstered the security of its "Apple ID" accounts associated with iTunes and App Store purchases last year after its online forums were hacked. iTunes accounts have also been targeted for fraud, though a large-scale breach of usernames and passwords similar to Sony's PSN woes has never occurred.
Were these details actually stored by Apple? Normally Apple employ the services of a 3rd party to carry out online surveys etc.
Until Apple confirms the hack I will consider this merely bragging by the script kiddie group. If the report turns out to be true, including the number of reported usernames and passwords, then is this really news worthy? Unfortunately, because it is Apple, this will be plastered all over the internet. We will see dozens of hit pieces raking Apple over the coals, advising people to dump Apple products, analyzing Apple's failure to protect its customers, predicting that iCloud will fail because of this incident. Of course the usual suspects who troll Apple centric forums will have a field day.
Have I missed anything in my predicted responses?
Were these details actually stored by Apple? Normally Apple emily the services of a 3rd party to carry out online surveys etc.
That's what I was wondering. Was this really an Apple breach or that of a company that was doing something for Apple
Until Apple confirms the hack I will consider this merely bragging by the script kiddie group. If the report turns out to be true, including the number of reported usernames and passwords, then is this really news worthy? Unfortunately, because it is Apple, this will be plastered all over the internet. We will see dozens of hit pieces raking Apple over the coals, advising people to dump Apple products, analyzing Apple's failure to protect its customers, predicting that iCloud will fail because of this incident. Of course the usual suspects who troll Apple centric forums will have a field day.
Have I missed anything in my predicted responses?
Other than the detail that it is just as likely to happen without any details just like with the whole location fuss, the iphone 4 antenna flaw, the FCPX is utter crap and 'everyone' says so etc
Have I missed anything in my predicted responses?
People who hear the shrillness could start taking their credit card details out of iTunes, which would be a disaster for Apple. Obviously this was a separate system, but you can't expect a layman to make such distinctions.
Were these details actually stored by Apple? Normally Apple emily the services of a 3rd party to carry out online surveys etc.
This was also my first thought.
This caught my eye; the fact that they pulled encrypted passwords means nothing. Passwords stored in databases SHOULD be encrypted so if they are stolen (like in this case) they are useless. Trying to log in with an encrypted password would cause re-encryption of the user-entered password, thus breaking it rendering the stolen information useless. If other sensitive data is stolen (CCs, addresses, phone numbers), however, that would be a big deal.