Jailbreak tweak allegedly steals 220,000 iCloud email addresses and passwords

iCloud details stolen by jailbreak tweaks

If you jailbreak your iOS device, beware shady tweaks that are looking to steal your iCloud login credentials. Chinese security website WooYun reports that some 220,000 iCloud email addresses and passwords have been stolen by jailbreak tweaks so far.

Hackers are said to be using a variety of “built-in backdoors” in what could be numerous jailbreak tweaks to acquire iCloud information, according to the warning. We don’t yet know who is behind the scheme, or what they intend to do with the stolen iCloud accounts.

But of course, with access to both email addresses and passwords, the hackers would be able to read iMessages, steal contact information and emails, and even acquire photos and other media. The image above shows some of the accounts that have been stolen.

220,000 users seems like a lot for one jailbreak tweak, but it’s thought a number of them may have been used, and some of them may have posed as free versions of popular paid tweaks. Reddit user ZippyDan also points out that the Chinese market traders often sell iPhones that are pre-jailbroken, and many of these may have been passed on with the shady tweaks already installed.

To keep your iCloud data safe, you should avoid installing jailbreak tweaks from unknown and untrusted sources. You should also enable two-step authentication, which would prevent someone else from accessing your account even if your email address and password was obtained.

[via Reddit]