The Hackerdose team has discovered a significant data leak that has impacted a staggering 340 million Apple iCloud users.
The sensitive information, such as users’ full names, email addresses, phone numbers, gender, and locations, is currently being sold on a dark web marketplace by an individual using the username “Shingchiyo.”
The leaked data includes iCloud users from all over the world, accounting for more than 40% of Apple’s reported 850 million iCloud users globally.
It is still unclear where this massive data set came from, as there is no recently known breach or attack that can account for the large number of compromised accounts.
This data is being sold on a dark web forum called BreachForums, which is a notorious marketplace for stolen data and sensitive information obtained through illegal methods.
Shingchiyo claims that the database for sale is up-to-date and reliable, making it a sought-after resource for cybercriminals who are targeting iCloud users.
The threat actor has not mentioned a specific price for the data, but they have given a Telegram contact for negotiations and expressed a willingness to involve a middleman in the sale.
As evidence of its legitimacy, the threat actor has provided a sample of the data to support their claims.
We conducted an investigation to confirm the legitimacy of the leaked data. After comparing the sample data with social media information, we were able to verify that certain email addresses corresponded to the names and usernames of iCloud users, along with their locations.
In addition, we have reached out to multiple individuals whose information was found in the sample, alerting them about the breach and recommending that they remain on guard against possible phishing emails and other suspicious messages.
Although the sample’s legitimacy has been confirmed, there is still no solid evidence to back up the extent of the breach as claimed by the threat actor.
There are many skepticism regarding the source of the extensive data leak, since a breach of this scale would have not gone unnoticed.
Subscribe to our newsletter
The company, renowned for its robust security measures and dedication to safeguarding user privacy, is under considerable pressure to thoroughly investigate the allegations and offer clear explanations to its users.