So, Anonymous, under the guise of its AntiSec campaign, has hacked an Apple server, got access to 27 administrator usernames and passwords, and put them on Pastebin. Is it time to panic? Is it time to point and laugh at Apple? Is it time to stop using iTunes? Not really – this is a small hack that will cause little to no damage.
Even though LulzSec officially called it quits not too long ago, some of its members teamed up with Anonymous to continue their campaign of mischief under the AntiSec moniker. Companies and websites are being hacked left and right, but it’s impossible to keep up with all this stuff. Imagine my surprise when I read Apple got hacked.
So, what is in this data cache? Not particularly much, probably because it looks like a rather minor server that got hacked – abs.apple.com – which has since been taken offline. They managed to extract a whopping 27 usernames and passwords – but the passwords are hashed. I’m no security expert, but comments over at Hacker News indicate that the hashes are Googleable. They appear to be “MySQL ‘PASSWORD()'(SHA1 x2) hashed passwords”, and indeed, Google returns results for these. No idea what that means – can someone with knowledge in this field pipe in here?
This looks like the result of another SQL injection attack, but other than some minor embarrassment, it would seem this won’t affect Apple or its customers too much. LEt’s hope the iTunes account database is properly secured – but considering the fact that iTunes is most likely a high-profile target and has not yet been hacked, it’s probably safe to assume it’s going to take more than an SQL injection to cause any serious damage to Apple.