In June, there were reports of an iOS 8 bug that allowed anyone to steal iCloud password through the Mail app. We thought that was crazy!
But this news is the craziest and shocking of all…
As over 220,000 iCloud passwords and usernames are stolen and stored on a remote server.
WooYun, a chinese website, reports that an unknown jailbreak tweak has silently hacked into Apple iCloud accounts, took those email addresses along with the encrypted password.
All these iCloud accounts are now leaked on the Internet. And this should affect only users who have jailbroken their iPhone / iPad.
I Do Use Jailbreaking Tweaks! Now What?
Some shady jailbreaking tweak has stolen these data. It is unclear as to what’s the name of this tweak is, or which repository it belongs to.
One look at the comments in Reddit, and you will notice that popular repos such as ModMyi and BigBoss are not the culprit.
In fact, the iCloud accounts were compromised because of a “cheating/bot tweak that instantly grabs red envelope rewards off Chinese apps.”
So our guess is that it was a Chinese jailbreak tweak that caused it. Of course, Apple hasn’t reacted to this situation as jailbreaking isn’t what they recommend to its user, leaving users to fix this problem themselves. For that reason:
Make Your iCloud Account Safe
If you have downloaded lots of jailbreaking tweaks from Cydia that you don’t even know, then please change the iCloud password. That’s the number one solution we can recommend you at this point.
Next, please activate two-factor authentication. This will protect your iCloud account against hackers or anyone who wants to access your password-protected account. Very soon we will publish another article explaining how to activate 2FA on your iPhone / iPad.
Lastly, to make sure your iCloud account is safe, do not download tweaks from any pirated or unknown repository. That includes any repo that is either in English or Chinese language.