iCloud Breach

Two days ago, we told you about an attack on jailbroken iPhones that compromised the accounts of some 220,000 iCloud users. New details have since emerged about the breach that confirm what we initially speculated in the post on Tuesday evening.

The vast majority, if not all, of the accounts were of Chinese origin. On Wednesday morning, I personally confirmed this with someone directly in the know about the attack.

To that end, a website has been created for potential victims of the attack to see if their account was compromised. That website is in Chinese, further emphasizing the origin and the region that was affected by this recent breach.

In all, there are a whopping 105,275 valid iCloud accounts out of the 220,000 compromised. That means that nearly half of those accounts captured contain active username and password combinations.

As speculated, this was indeed the result of a jailbreak tweak, but it was also self-inflicted, meaning users installed both the repo and the tweak responsible for the intrusion.

According to a recent thread on /r/jailbreak, and as confirmed by my source, the Cydia Substrate tweak responsible for this mess came from the apt.feng.com/aptso/ repository. The apt.feng.com domain is where users can host their own repos, sort of like “myrepospace” for Chinese users.

Obviously, it’s never a good thing when user accounts get compromised, but if you haven’t used the aforementioned repos, which is likely if you’re not in China, then you probably have little to worry about with regard to this particular attack.
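An added example, not part of the original article: a Python check that scans a copy of a device's APT sources list for the repository named above. It assumes the one-line `deb` source format and takes the file path as an argument, since the article does not say where the list is stored; the sample list and the `repo.example.org` host are constructed.

```python
import sys
from urllib.parse import urlsplit

FLAGGED_HOST = "apt.feng.com"   # host named in the article
NAMED_PATH = "/aptso"           # repository path named in the article

# Constructed sample sources list (not taken from a real device).
SAMPLE = """\
deb http://repo.example.org/ ./
deb http://APT.Feng.com/aptso/ ./
# deb http://apt.feng.com/aptso/ ./
deb [trusted=yes] http://apt.feng.com/otheruser/ ./
deb http://apt.feng.com.example.net/aptso/ ./
"""

def parse_sources(text):
    """Yield (line_no, url) for each active one-line 'deb' entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments
        if not fields or fields[0] not in ("deb", "deb-src"):
            continue
        i = 1
        # Skip an optional "[opt=value ...]" block, which may span fields.
        if i < len(fields) and fields[i].startswith("["):
            while i < len(fields) and not fields[i].endswith("]"):
                i += 1
            i += 1
        if i < len(fields):
            yield no, fields[i]

def classify(url):
    """Return 'named-repo', 'same-host', or None for an unrelated source."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # hostname is lowercased
    if host != FLAGGED_HOST and not host.endswith("." + FLAGGED_HOST):
        return None   # look-alike hosts such as apt.feng.com.example.net
    path = parts.path.rstrip("/").lower()
    if path == NAMED_PATH or path.startswith(NAMED_PATH + "/"):
        return "named-repo"
    return "same-host"   # another user's repo on the same hosting domain

def audit(text):
    """List (line_no, url, verdict) for every source on the flagged host."""
    hits = ((no, url, classify(url)) for no, url in parse_sources(text))
    return [h for h in hits if h[2]]

if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for no, url, verdict in audit(data):
        print(f"line {no}: {url} -> {verdict}")
```

A `named-repo` hit means the source from the article is configured on the device; a `same-host` hit is a different user's repo on the same hosting domain and is reported only for review.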

That being said, as I outlined in our previous post, you still need to exercise care if you’re jailbroken. There are some practical steps that you can take to protect yourself from an attack like this.

Rest easy knowing that you most likely weren’t compromised, but be sure to stay safe by making wise choices, and turn on two-factor authentication.

How are you feeling about user security on your jailbroken iPhone?

  • Ω̴̩̩̩̥VΩ̴̩̩̩̥ Vera

    Just goes to show, jailbreaking is leaving people more vulnerable to stuff. Hopefully no dev doesn’t go insane and implements this into their tweak. But who knows, they probably already do in tweaks with DRM that doesn’t affect the device at all and instead works backend without you knowing. Think about it.

    • That’s why 2FA is an absolute must on everything you log into.

    • Newgunnerr

      No. It’s not jailbreaking that makes you more vulnerable. It’s the people who add these repos.

  • NolesFan

    Thank you Jeff, it does ease my mind to know I am not affected. I only use trusted repos and I pay for the apps I want. I am very protective of my data and I’m comfortable with the current state and plan to keep my jailbroken phone until an exploit is found in iOS 9.x. Thanks again for keeping us knowledgeable about everything.

    • You’re welcome.

      • Antzboogie

        I always pay for my Tweaks for this reason and to support developers. Sometimes I like to try some Tweaks before I actually purchase them from a different repo. Jailbreaking has not let me down so I’m going to just tread carefully as I always have with anything I do. Thanks Jeff.

    • Antzboogie

      Me too. We have to support the Developers and keep Cydia clean.

      • Mr_Coldharbour

        A clean Cydia is a better Cydia, for all. <—-Makes for a nice slogan I'd say.

  • :D

    Was it someone in the comment section of the original article that you confirmed this with?

    • Gucciipad

      I agree. I’ve been having space issues. Before iOS 7 lots of had space now hardly any space.

  • Scott

    Whenever I jailbreak I lose my music, and/or have sync issues. Not sure what happens… I only installed Springtomize and a few other tweaks. Needless to say I updated my iPhone and will wait until iOS 9 jailbreak comes available. Annoyed that every time I jailbreak my Music has issues. And I re-installed my jailbreak twice and still had the same issue. :@

    • Antzboogie

      That’s weird, you should have restored after you jailbroke.

      • Scott

        I did that the first time, I have no clue why it’s doing this – I’ve been jailbreaking a long time and it’s only happened since Apple Music, iCloud Music was released. Anyway – I’ll wait until next JB for iOS9 but very disappointed/frustrated.

  • Mr_Coldharbour

    Ladies and gents, it’s quite simple really, do not add untrusted/questionable 3rd party Cydia repos, and especially do not pirate or install pirated tweaks. If you choose to use 2FA, then great, if not, then at least exercise caution and use apps like 1Password to generate unique and complex passwords for each and every online service that you use. Also, at least in my opinion, limit the amount of sensitive data that you allow to store in the cloud. I for one do not use any cloud service whatsoever, never have and never will, I just don’t have the need for it. It all comes down to personal responsibility. You wouldn’t walk down a dark and scary-looking alley in the middle of the night would you? Same principle applies, don’t install things you’re unsure of.

    Once more, thank you Jeff for keeping us informed about stories like these.

  • Manuel Molina

    That’s why you should unclick that box you can’t read before you jailbreak.

  • Apple to victims: “HAHAHAHAHAHAHAHAHAHAHAHAHA! Go suck an Android”

  • M_thoroughbred

    People need to understand that jailbreaking in itself is a security breach. If you jailbreak you have to be really careful on what it is you download. And only download from trusted sources.

  • Mehra

    After “DylibSearch”, I feel stress-free. Thanks! 🙂