While the infamous hacking group LulzSec are done with their 30-days long campaign creating a havoc by hacking into several government and corporate websites, a new group of hackers who call themeselves “AntiSec”, are claiming to have hacked into one of the Apple’s servers using an SQL injection.
According to reports, it is expected that the group includes hackers from both Anonymous and LulzSec Security. Anonymous tweeted that they hacked one of the Apple servers and managed to steal 27 usernames and passwords. The document wih usernames, password and the server link was posted on Pastebin.
The hackers gained access to Apple’s severs due to a security falw in Apple’s software that is used by the Cupertino, California based gadget maker and other companies. However, the hacker group stated that they are focused elsewhere and there is nothing to worry about Apple as of now, but it could be target in the near future.
AntiSec posted that they managed to steal username and password from this server:
The hacked Apple’s servers is used for conducting technical support follow-up surveys. Currently the server is temporarily down: http://abs.apple.com/fsurvey/survey.html?l=en
Apple was earlier hacked by LulzSec during their month-long campaign. LulzSec posted that it had “mapped Apple’s internal network, thoroughly pillaging all of their servers, grabbed all their source code and database passwords, which we proceeded to shift silently back to our storage deck.”
Some weeks ago, we smashed into the iCloud with our heavy artillery Lulz Cannons and decided to switch to ninja mode. From our LFI entry point, we acquired command execution via local file inclusion of enemy fleet
Apache vessel. We then found that the HTTPD had SSH auth keys, which let our ship SSH into other servers. See where this is going?
However, Apple has not yet confirmed the breach and we are not sure if these claims are true.