Data breaches happen all the time, but when the giants get hit, it’s impossible not to wonder what kind of critical data may become exposed. Earlier this week, notorious cybercriminal Intelbroker reported that they managed to hack AMD. Now, they followed up with claims about hacking Apple, and went as far as to share some internal source code on a hacking forum.
As Apple has yet to comment, all we have to go off is the forum post, first shared by HackManac on X (formerly Twitter). In the post, Intelbroker states that Apple suffered a data breach that led to the exposure of the source code for some of its internal tools. The tools include AppleConnect-SSO, Apple-HWE-Confluence-Advanced. There’s been no mention of any customer data being leaked, which is good news, but there could still be some impact on Apple if this proves to be true.
According to 9to5Mac, AppleConnect-SSO is an authentication tool used by Apple to allow its employees access to various internal applications. For instance, employee-only apps on iOS rely on AppleConnect-SSO for secure authentication. It’s reportedly very similar to an Apple ID, but only for internal use and without access to email addresses. It’s also said to be built into tools that are used by Apple Store employees, such as Concierge and EasyPay. Apple-HWE-Confluence-Advanced is most likely used for internal information sharing.
🚨 #DataBreach 🚨
A potential data breach at Apple has been detected on a hacking forum: IntelBroker allegedly leaked the source code of 3 internal site tools.
According to the post, in June 2024, Apple suffered a data breach leading to the exposure of some of their internal… pic.twitter.com/rTh2xRELBq
— HackManac (@H4ckManac) June 19, 2024
It’s unclear whether Intelbroker is trying to sell the data or not, as it appears to just be up for grabs as is. Leaking the source code for internal tools should have a limited impact on Apple’s operations, although if the code falls into the wrong hands, perhaps threat actors may be able to find areas to exploit to cause further damage.
Apple still hasn’t confirmed the breach or the extent of it, so Intelbroker’s claims could be made up. However, seeing as the cybercrime group has previously hacked AMD just this week, there might be some truth to it. The attackers reported that they managed to obtain the plans for future AMD products, customer information, and employee details.
AMD admitted to the data breach, but it also hinted that its extent is nowhere near as bad as it sounds; the concerns for customer data remained unaddressed. In a statement to Bloomberg, AMD said: “Based on our investigation, we believe a limited amount of information related to specifications used to assemble certain AMD products was accessed on a third-party vendor site. We do not believe this data breach will have a material impact on our business or operations.”