• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • 220K iCloud Email Addresses and Passwords Were Allegedly Stolen from Jailbreak Tweaks


    According to a recent Reddit post from ZippyDan, Chinese security website WooYun reported that approximately 220,000 iCloud passwords and email addresses were stolen from jailbreak tweaks. So if you jailbreak your device, be cautious as some tweaks out there are looking to obtain your iCloud login information. It was noted that multiple ‘built-in backdoors’ are being used by hackers in a variety of jailbreak tweaks to get this information.

    It is unclear as to who is behind all of this and what they’re looking to do with all the private information. However once the hackers have all information, they are able to steal contacts, emails, and iMessages. They will also get access to videos, photos, and any other type of media. To prevent your information from being stolen, think twice before installing tweaks from untrusted and unknown sources. If your information was obtained, enabling two-step authentication can also prevent someone from getting into your account.

    Everyone likes tweaks, that is one reason why people jailbreak their devices in the first place. But definitely be careful who you’re getting the tweaks from and make sure you’re downloading from a trustworthy source.

    Source: Reddit
    This article was originally published in forum thread: 220K iCloud Email Addresses and Passwords Were Allegedly Stolen from Jailbreak Tweaks started by Akshay Masand View original post
    Comments 19 Comments
    1. xboxbml's Avatar
      xboxbml -
      One of the reasons I really don't JB anymore...much...
    1. ab03's Avatar
      ab03 -
      Wait - there are 220 million jailbreakers? That number seems absurdly high
    1. iSteveO's Avatar
      iSteveO -
      Quote Originally Posted by ab03 View Post
      Wait - there are 220 million jailbreakers? That number seems absurdly high
      220 thousand, not million, but still seems high, at least for a single tweak or developer. That's crazy!
    1. rolandgabor's Avatar
      rolandgabor -
      Quote Originally Posted by ab03 View Post
      Wait - there are 220 million jailbreakers? That number seems absurdly high
      Lol. 220K, 220,000 mentioned twice.
    1. Johnnytucats's Avatar
      Johnnytucats -
      Turn on Two-Step Verification and let everyone else sort it out. Once you have Two-Step enabled, you can go honky tonkin' in Texas.
    1. iYeow's Avatar
      iYeow -
      Quote Originally Posted by Johnnytucats View Post
      Turn on Two-Step Verification and let everyone else sort it out. Once you have Two-Step enabled, you can go honky tonkin' in Texas.
      Are you referring to emails on 2 steps verifications ? What about iCloud Apple ID and password ?
    1. XweAponX's Avatar
      XweAponX -
      Quote Originally Posted by iYeow View Post
      Are you referring to emails on 2 steps verifications ? What about iCloud Apple ID and password ?
      2-step verification presents itself as an option during the initial iPhone setup process.
    1. towboattrash34's Avatar
      towboattrash34 -
      80% of the tweaks are useless garbage. My self I only use about 5 tweaks from people I've known & in this game for several years.
    1. budsalinger's Avatar
      budsalinger -
      I don't install new sources, just what the cydia app comes with. How would I know if someone has my info? can I change to two step verification now? I don't recall seeing that option ever before when setting up a phone. Am I safe if I use my fingerprint 99% of the time? What am I doing? What have I done? What'll I do?
    1. Answer1o1's Avatar
      Answer1o1 -
      Quote Originally Posted by budsalinger View Post
      I don't install new sources, just what the cydia app comes with. How would I know if someone has my info? can I change to two step verification now? I don't recall seeing that option ever before when setting up a phone. Am I safe if I use my fingerprint 99% of the time? What am I doing? What have I done? What'll I do?
      You can do it by signing into your Apple ID on the website. I think it's under profile/security. I'm curious as to how we would find out if we've been hacked or not. I've been using the same sources for years...
    1. buttamix's Avatar
      buttamix -
      Quote Originally Posted by ab03 View Post
      Wait - there are 220 million jailbreakers? That number seems absurdly high
      22o thousaNd
    1. nealh's Avatar
      nealh -
      What tweet or allegedly the source of the theft? Does anybody know?
    1. Silvio6's Avatar
      Silvio6 -
      How the hell would they know how much passwords were stolen ? Non sense ..
    1. jwil736's Avatar
      jwil736 -
      Quote Originally Posted by ab03 View Post
      Wait - there are 220 million jailbreakers? That number seems absurdly high
      It says 220,000
    1. rolandgabor's Avatar
      rolandgabor -
      Quote Originally Posted by jwil736 View Post
      It says 220,000
      220,000,000 thousand
    1. edwilk55's Avatar
      edwilk55 -
      Sounds like a BS Apple post on Reddit to me!
    1. Safer-Networking's Avatar
      Safer-Networking -
      Now if ModMyI woudln't have rejected Spybot for iOS on their repo, they could've recommended the only iOS anti-malware that would actually detect and remove those ID stealing malwares
    1. peacedog's Avatar
      peacedog -
      Quote Originally Posted by towboattrash34 View Post
      80% of the tweaks are useless garbage. My self I only use about 5 tweaks from people I've known & in this game for several years.
      Yup me too. I only have a small handful of tweaks that actually are meaningful productivity tweaks (Activator, MyWi, iCleaner, CCSettings, SendDelay). I have no interest in UI improvements (change font, move icons around) or non-sensical tweaks like Barrel Roll and Graviboard. And the ones I have are from legit repos and devs.
    1. StuG III's Avatar
      StuG III -
      From reddit user TimyX14

      OP are you using Google Translate to translate your source? Cause the information you have provided is not informative enough.
      Anyway this breach only happen if you have installed one of the "Snatch Red Packet" tweak - Basically in China large messaging firm like WeChat allow user to snatch red envelope/packet which contain virtual money with monetary value which can be transferred to your own bank account which aroused the greed of these people leading to them installing this tweak.
      Note According to the source and some other sources, this breach only occur in Mainland China but to be safe do change your password regularly and have strong password combination consisting of upper cases, lower cases, number, special character etc to prevent others from easily bruteforce your password. The more unique it is the harder a cracker is able to crack your password of course unless your being keylogged. And DO NOT STORE ANY SENSITIVE INFORMATION/DATA/FILE on ANY Cloud Services (Inclusive of ICLOUD).
      Source: https://en.wikipedia.org/wiki/WeChat_red_envelope
      So in other words, no one here has to worry.

      Quote Originally Posted by Safer-Networking View Post
      Now if ModMyI woudln't have rejected Spybot for iOS on their repo, they could've recommended the only iOS anti-malware that would actually detect and remove those ID stealing malwares
      Why was it rejected?