A Chinese website called WooYun has claimed that iCloud login details of around 220,000 jailbreak users have been leaked and are stored on a private server. The leak according to the website was performed using ‘tweaks with back-doors’ that users installed on their jailbroken devices. After installation these malicious tweaks transferred the iCloud login details of the user, which includes the email address and the password to a remote server.
The tweaks in question, which contain back-door methods of stealing the sensitive data were most probably pirated copies of popular tweaks that were edited to include the trojan horse code. It is unclear who was affected by this hack as a complete list of affected iCloud accounts is not available yet. It is also not clear if this hack has affected everyone or just Chinese users. Some of the emails revealed in the screenshot above belong to Chinese websites while they also include Gmail accounts.
The site that reported about the leak has not specified the motive behind this attack and what the hackers intend to do with the information. However since iCloud accounts contain private and sensitive information of iOS users that includes messages, photos, contacts etc this hack should not be taken lightly.
If you suspect that your iCloud might also have been affected by this hack then it is a good idea to first delete any shady or pirated tweaks from your device and then change the password of your account. It is also a good idea to add two-step authentication to your account if you haven’t already. [Reddit/WooYun]