Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple says no customer information involved in hack by Australian teen

Apple's "global command" data center in Mesa, Ariz. | Source: The Republic

Last updated

Apple on Friday commented on recent revelations that an Australian teen gained unauthorized access to its corporate computer network, saying the hack did not compromise customer data despite reports claiming the boy accessed customer accounts.

On Thursday, The Age reported a 16-year-old Melbourne boy, whose name is not being made public because he is a juvenile, conducted a series of attacks on Apple's computer systems over the course of a year.

In all, the hacker collected some 90 gigabytes of secure files and accessed customer accounts, according to court statements. The teen lodged a guilty plea when in Children's Court on Thursday.

Apple security personnel "discovered the unauthorized access, contained it, and reported the incident to law enforcement," a company spokesman told Reuters on Friday.

"We ... want to assure our customers that at no point during this incident was their personal data compromised," the spokesman said.

According to The Age, Apple notified the U.S. Federal Bureau of Investigation upon discovering the hack, and the law enforcement body handed the case over to the Australian Federal Police.

A raid of the boy's suburban home last year yielded two Apple laptops, a mobile phone and a hard drive associated with the hack. According to statements heard in court, the serial numbers of the laptops and the mobile phone's IP address matched those of devices that accessed Apple's systems.

While details of the intrusion are at this point unknown, the teen was reportedly able to remotely access Apple's secure network through highly protected "authorized keys" and software installed on at least one laptop. Over the course of a year, the boy gleaned some 90GB of data from Apple's servers, which was subsequently stored in a file named "hacky hack hack."

Media is just now learning about the hack thanks to the teen's court appearance. Apple was said to be "very sensitive about publicity" regarding the incident and successfully kept word of the case out of the public eye.



25 Comments

mattinoz 9 Years · 2488 comments

Story icon shows New Zealand flag but teen is Australian. 

welshdog 22 Years · 1898 comments

So if he had access to customer data then he was probably in the Customer Support network. When I did iOS support from my home I connected to the network via some sort of VPN on the provided iMac. The iMac came preconfigured for access. When I was using the Apple provided Java app that was the core of all work that I did, I had access to all aspects of customer data including credit card information. Basically you could do anything. But, when you were in the app, Apple was fully aware of and montioring everything you did. If I went into the area with credit card info, it left a trail of what I did that could be reviewed later.  I don't know for sure, but I suppose all this data is available to others in the company, but I don't know how they would have accessed it. Seems like it would be wise to limit not only who has access, but to limit how they can access it. Like I seriously doubt that Tim Cook could call up customer data on his iMac.  I gotta figure that this customer data in raw form (like pulled off a server drive) would be pretty cryptic and pretty difficult to decipher.  Also, surely it would have been encrypted? Maybe that is how Apple can say he had no access to customer info - he had data but had no way to make it readable.

Rayz2016 8 Years · 6957 comments

Unsurprising. 

If the hack had involved customer accounts then the company would’ve been obliged to make the hack public to warn customers. 

However, the fact he had access to “authorised keys” seems to indicate that Apple is leaking somewhere. The network is secure, but some procedure somewhere is not. 

s.metcalf 21 Years · 964 comments

Why are you showing the flag of New Zealand?   :D

larryjw 9 Years · 1036 comments

welshdog said:
So if he had access to customer data then he was probably in the Customer Support network. When I did iOS support from my home I connected to the network via some sort of VPN on the provided iMac. The iMac came preconfigured for access. When I was using the Apple provided Java app that was the core of all work that I did, I had access to all aspects of customer data including credit card information. Basically you could do anything. But, when you were in the app, Apple was fully aware of and montioring everything you did. If I went into the area with credit card info, it left a trail of what I did that could be reviewed later.  I don't know for sure, but I suppose all this data is available to others in the company, but I don't know how they would have accessed it. Seems like it would be wise to limit not only who has access, but to limit how they can access it. Like I seriously doubt that Tim Cook could call up customer data on his iMac.  I gotta figure that this customer data in raw form (like pulled off a server drive) would be pretty cryptic and pretty difficult to decipher.  Also, surely it would have been encrypted? Maybe that is how Apple can say he had no access to customer info - he had data but had no way to make it readable.

When you say you had access to credit card info, what info? What is the “anything” you could do?