Hackers have posted online the unique ID numbers for more than one million Apple devices. As claimed in news reports, the file was obtained through phishing. A hacker intercepted an email sent to several dozen FBI agents. In the header of the email were all of the agents’ email addresses. The hacker crafted emails that appeared to come from legitimate FBI email addresses and sent the email to other FBI agents in hopes of gaining access to the unsuspecting FBI agent’s computer. All that the victim (FBI agent) had to do was open the email and click on a link.
The FBI has denied this event took place or that they even possessed the list. The issue will get muddied because the primary concern will not be who hacked the FBI laptop but why the FBI had the list in the first place or why the list even exists. Until March of last year, 160 million iOS devices had been sold. The hacked list contains information on about 12 million devices and their users. Links to two news stories with more information are provided below.
FBI denies report hackers leak 1 million Apple device IDs
FBI denies link to leak of 12 million Apple codes
How does this affect you? I would not worry about whether or not your iPhone or iPad is on the list. Since the list reportedly contains information on over 12 million devices, I suspect Apple will address the issue in due time. I suggest waiting until the story unfolds and more information is available.
What may happen that is even more of a concern is that you may now start seeing emails about securing your iPhone, providing “instructions” on how to check if your device is hacked, or claiming that your iOS device is on the list. Many of these will be phishing attempts. Under no circumstances should you respond to an email that says you are on the list, not even if the email appears to be from Apple. I would take any concern you have about your device to an Apple representative. Do not rely on an unknown “Good Samaritan” offering to help you by email.
Plan. Protect. Prosper.
Protus3 specializes in security system design, security consulting, corporate investigations and other investigative services. Partner with Protus3 and we will examine each situation to identify threats and develop solutions for your best outcome.