1 Comment

Summary:

The owner of the website that was used to launch hacking attacks on Apple and Facebook explains how his site was compromised.

The owner of a website that was a conduit used by hackers to breach employee computers at both Facebook and Apple has come forward to explain the events that took place last month. Ian Sefferman, co-founder of the iPhoneDevSDK website, said Wednesday in a blog post that he’d found evidence that the targeted attack came from an administrator account on his website that was compromised.

Though Sefferman says he believes the site is no longer infected, it’s safer not to visit the site for now — hence no link. Here’s how MacRumors reported Sefferman’s statement:

What we’ve learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain user’s computers.

We’re still trying to determine the exploit’s exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013.

He says he doesn’t believe any his site’s user data was actually compromised.

AllThingsD was the first to report iPhoneDevSDK’s involvement in the attack.

Both Apple and Facebook blamed Java: each reported recently that some of their employees’ computers were infected by malware from a vulnerability in a Java browser plug-in. Apple has since released a software patch for Java for OS X. Both companies say no user data was stolen.

  1. In addition to the clandestine hacking that’s going on, seems to me that there’s a lot of blatant in your face spoofing and phishing that goes unaddressed and unpunished on email, text, and other. Would like to see an aggressive sweep to clean it all up.

    Share

Comments have been disabled for this post