The group posted the username and password combos for 27 root and admin accounts from the users table in a mysql database on a machine apparently used to conduct surveys for the Cupertino computer maker.
The alleged information was taken from a server used by Apple for online surveys and did not belong to the public or Apple customers. The data was posted publicly on pastebin, a file-sharing Web site.
The group claiming responsibility for the attack is believed to be working closely with hackers who were involved in Lulz Security.
Lulz Security is a hacker group that disbanded last week after attacking a number of sites over the past two months, including PBS.org, the United States Senate, the Arizona Department of Public Safety and the Web site of a company associated with the Federal Bureau of Investigation.
In the Twitter message about the data breach, hackers said Apple could become a larger target but that members were currently busy with other goals. “Apple could be target, too. But don’t worry, we are busy elsewhere,” the group wrote in the message which was posted by an unidentified user under the title “Not Yet Serious.”
A spokesman for Apple didn’t immediately respond to a request for comment. “AntiSec incidents aren’t “heists” of data, they’re “walking out of an unlocked office with sensitive file folders under their arms,”” said xek Josh Myer, a Twitter user.
Earlier this month Lulz Security announced that it had breached Apple’s iCloud servers, which are used for the company’s cloud music and photo service that is expected to launch later this year. But the group never posted any of this alleged information online.
Apple is due to release its anticipated iPhone 5 and iPad 3later this year. The latest hack may affect the devices’ launch date. The upcoming iPhone 5 is rumored to flash an 8MP camera with dual flash, A6 processor, a glass-free 3D view and tear-drop design.
This latest breach, and other recent attacks on corporate and government Web sites, is part of a growing movement by hackers called Anti Security, or AntiSec online.
The stated goal of this movement stated publicly is to expose loopholes and software vulnerabilities on company and government Web sites and servers.
Security experts and law enforcement see the string of AntiSec-labeled attacks as a justification by hackers to wreak havoc online. [via The New York Times, The Wall Street Journal and International Business Times]