Avid iOS jailbreakers are in for some shocking news. Some built-in backdoors, or Trojans, have been allegedly stealing iCloud email addresses and passwords through jailbreak tweaks installed on devices. It is not yet clear who is behind the data theft or their motives.
Some 220,000 iCloud login credentials including email addresses and passwords have been stolen via installed jailbreak tweaks so far, reports Chinese security website WooYun.
It is believed that the backdoors aka Trojans being employed in jailbreak tweaks were used to acquire confidential iCloud information. It is not known what the hackers really intend to do with the stolen iCloud login credentials.
Nevertheless, the hackers will be able to read iMessages, steal contacts and emails, or even access personal photos and other media installed on affected devices, according to a recent post on Reddit.
Check out the image below showing some of the accounts whose data has been compromised:
It is believed that some of these iCloud user accounts may have been compromised and used, after hoodwinking the users into believing they are downloading the free versions of popular, paid jailbreak tweaks. One Reddit user, ZippyDan, says some Chinese smartphone vendors sell pre-jailbroken iPhones that often ship with shady and pirated tweaks pre-installed.
As a word of caution, iCloud users are advised against installing jailbreak tweaks from unknown and untrusted sources. In addition, one can enable two-step authentication to prevent unauthorised access to their personal accounts, even if email address and password have been compromised.