Hackers score minor breach on Apple site

Added by Monique Robinson on July 4, 2011

A group of hackers that have claimed responsibility for attacks and data breaches on a number of high-profile web sites claimed responsibility for exposing a number of usernames and encoded password they gleaned from a server running Apple.com on Sunday.

The group, called Anonymous, posted 27 Apple usernames and encoded passwords on another web site. The group acquired the data from a server that runs Apple’s Business Intelligence web site – the site is currently offline. The affected server was running database software that’s well-known to have a number of security vulnerabilities, unless it is adequately protected and is thought to have exposed some of its information as a result of a SQL Injection Attack. A SQL Injection Attack takes advantage of a common programming mistake to execute data access statements where there would normally be only data being sent to the database. The data breach has not been confirmed by Apple, nor is there currently any information that verifies whether the data actually came from Apple servers. A partial sample of the breached data follows:

Username: survey
Password: *3D845C05…

Earlier this month, and during the past several months, hackers have claimed responsibility for a number of breaches including Apple’s new iCloud service, Arizona Department of Public Safety, US Senate, a site of a company associated with the FBI, and a Twitter account for a news service. The hackers usually collect data from affected sites, but sometimes cause other problems, like posting false information. The groups’ stated goal is to expose software vulnerabilities and other loopholes on web sites run by private companies and governments.