Posted on June 4, 2018 at 3:48 PM
An unknown hacker claims to have access to Apple’s account data, and that they are able to provide return information for various products. However, they would not provide detailed evidence, and some info that they have shared appears to be incorrect.
Apple internal tools in the hands of a hacker?
A hacker has released a claim to be able to access Apple’s internal tools that allow them to return account info on the company’s customers. This person has even tweeted multiple photos that somewhat support this claim since they indicate that the hacker can actually access Apple GSX (Global Service Exchange) system. This is the same system that the company’s workers are using to respond to requests regarding product repairs, as well as to provide support.
The hacker was contacted and given a serial number of Apple Watch as a test of their capabilities. In minutes, the hacker responded by sending a screenshot that seems to contain the info about the model, type, as well as series of the product. The info provided was correct, but it did not contain any other data, except for the claim that the device was out of warranty, which is false.
Upon requesting the rest of information that the hacker should be able to access if their claims were true, they refused to comply. Instead, they stated, “I can’t tell you my work.”
So far, the hacker has been using broken English, and they stated that they are selling this access to systems belonging to Apple. According to the hacker, he or she already has at least 20 customers per day, whose needs are satisfied through the use of ‘private exploit’. Through this so-called private exploit, the hacker was obtaining system’s passwords and usernames. Once again, upon receiving the request for additional info, the hacker refused to provide it.
The hacker uses a dummy version of the system
A person familiar with these systems and their method of work has stated that the hacker is likely using a test version of Apple tools, which were used solely for the purpose of developing the system. According to this insider, the data contained in the test version is dummy data. Basically, it can be used for getting some valid info, like the data regarding the device itself. However, by using this, the hacker cannot reach any account information of the customers themselves. In fact, the source has even stated that this system doesn’t return real warranty or account data at all.
After learning this, the hacker was contacted again, with additional requests to respond to this new info. However, they have failed to respond as of yet. So far, it has become clear that the hacker has actual access to this test version. How they managed to get to that is not yet known. Apple has not yet commented on the situation either.
Apple is a large and successful company, and it is not that surprising that it is often a target for cybercriminals, real or fake. Their major goal was always to try and extort the company, or alternatively, to try and scam their users and customers.
Just last year, one such scam revolved about cybercriminals‘ claim to have access to Apple ID records, which numbered millions of users. They demanded a payment, or they would wipe these accounts remotely if the money doesn’t arrive. However, they never received any money, but they also failed to deliver on their threat.