220,000 iCloud accounts breached in what is being called a backdoor attack

220,000 iCloud accounts breached in what is being called a backdoor attack


A Chinese website called WooYun has claimed that iCloud login details of around 220,000 jailbreak users have been leaked and are stored on a private server. The leak according to the website was performed using ‘tweaks with back-doors’ that users installed on their jailbroken devices. After installation these malicious tweaks transferred the iCloud login details of the user, which includes the email address and the password to a remote server.

This leak, which was brought to our attention by /r/jailbreak, was reported by a Chinese online vulnerability reporting platform called WooYun. It’s an information security platform where security researchers report vulnerabilities and vendors give feedback. WooYun is a legit site, and it has reported thousands of security related issues in this month alone.

On a post on its website, WooYun details the nature of this particular attack, stating that 220,000 accounts have been compromised as a result of a malicious jailbreak tweak or plug-in. It also states that WooYun has notified vendors—presumably Apple—and are awaiting processing.

It’s sure to make any jailbroken iPhone user take note, but before you get too alarmed, understand that this hack has nothing to do with Apple’s security, and that there appears to be special circumstances in the case of this breach.

Who’s affected?

When you start to break down the facts, it appears that this breach has had an extremely limited reach, if any, on those who jailbreak their own devices. That rules out most of those who reside outside of China and surrounding areas.

The report states that these accounts were compromised as a result of a malicious jailbreak release. By just doing some mental math, it seems highly unlikely that any jailbreak tweak would receive the amount of penetration required to affect a quarter of a million users, let alone a malicious tweak posted on some shady third-party repo. So the likelihood that this attack is the result of any of the tweaks that we use in the community is very slim.

With such a large number of compromised devices, it would seem that such an attack is the result of a more organized and methodical method of entry—a preinstalled backdoor, if you will.


Yes, there are shady tweaks that make it through the cracks, to be sure. Yes, there are malicious third-party repos that host cracked software and likely host malicious files as well. Yes, jailbreakers do inherently open themselves up to more risk than those who don’t jailbreak.

That’s all true, but it’s also highly unlikely that any of that was the case in this attack, if the breach is indeed the result of a malicious backdoor, as noted by WooYun.

Protect thyself

That’s not to say that jailbreakers in general can’t take something away from this. We all can strive to do better when it comes to security. Here are some of the things that we should all be doing to help protect ourselves and others:

  • Enable 2 Factor Authentication
  • Don’t add shady third party repos to Cydia
  • Don’t pirate tweaks or apps
  • Don’t install tweaks outside of Cydia

These may sound like basic things, but by following the above protocol, a jailbreaker can mitigate much of the risk associated with jailbreaking.

What do you think about this report ? Does it move your needle in any particular direction as far as your opinion of jailbreaking goes? Sound off down below with your thoughts on the matter.

Leave a Reply