A group of hackers calling themselves AntiSec has published what it says is a million Apple IDs online. It says it has 12 million more, and that it also has the personal information of account holders.
So why has it posted these details, and are you at risk?
HackingThe group says the Apple IDs, plus the user-names, telephone numbers and addresses, were stolen from an FBI computer in March this year. It also claims the FBI is using this information to keep tabs on certain individuals.
It says it has chosen to publicise the IDs in order to expose the weakness, without making users even more vulnerable.
In a statement it said: "during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose. [sic]"
The hackers say they will not provide further statements until Gossip site, Gawker, publishes a photo of its journalist Adrian Chen in a tutu, with a shoe on his head, on its homepage. Chen has criticised hacking groups in the past.
Are you at risk?The good news is that there's little sign that there is any intention to use the details that have been found. Graham Cluley, an expert at Sophos says: "My suspicion is that the hackers were more interested in embarrassing the FBI's team than endangering innocent users."
However, to be on the safe side, it is worth working on the assumption that your details may have been compromised. It's a good idea to change your password - and change it on any other site that uses the same password.
You will also need to be particularly suspicious of any approaches you get out of the blue - especially ones claiming to be from Apple.
Even if your details are not part of this particular hacking, it is a reminder that data is not always as secure as we would hope. Cluley adds: "It's obvious that the data (and the computer it was apparently stored on) was not adequately secured."
It is therefore worth taking sensible precautions, taking care we know the organisations we are passing details to, that we vary passwords so that if the hackers find one they do not immediately get access to something more sensitive, and that we view every approach we get online with real suspicion.
- Hacker steals and publishes police force data
- How risky is your password?
- Is Tesco putting your data at risk?