Two days ago, we told you about an attack on jailbroken iPhones that compromised the accounts of some 220,000 iCloud users. New details have since emerged about the breach, that confirm what we initially speculated in the post on Tuesday evening.
The vast majority, if not all of the accounts, were of Chinese origin. On Wednesday morning, I personally confirmed this with someone directly in the know about the attack.
To that extent, a website has been created for potential victims of the attack to see if their account was compromised. That website is in Chinese, further emphasizing the origin and the region that was affected by this recent breach.
In all, there are a whopping 105,275 valid iCloud accounts out of the 220,000 compromised. That means that nearly half of those accounts captured contain active username and password combinations.
As speculated, this was indeed the result of a jailbreak tweak, but it was also self-inflicted, meaning users installed both the repo and the tweak responsible for the intrusion.
According to a recent thread on /r/jailbreak, and as confirmed by my source, the Cydia Substrate tweak responsible for this mess came from the apt.feng.com/aptso/ repository. The apt.feng.com domain is where users can host their own repos, sort of like “myrepospace” for Chinese users.
Obviously, it’s never a good thing when user accounts get compromised, but if you haven’t used the aforementioned repos, which is likely if you’re not in China, then you probably have little to worry about with regard to this particular attack.
That being said, as I outlined in our previous post, you still need to exercise care if you’re jailbroken. There are some practical steps that you can take to protect yourself from an attack like this.
Rest easy knowing that you most-likely weren’t compromised, but be sure to stay safe by making wise choices, and turn on two-factor authentication.
How are you feeling about user security on your jailbroken iPhone?