A Reuters report published on Tuesday confirmed that Apple's online storage service iCloud has been hacked.
The report cited a blog post from Chinese site Greatfire.org which speculated that the hackers tried to intercept data and access passwords, iMessages, photos and contacts using a "man-in-the-middle" (MITM) attack."
Reuters said Chinese web monitoring group, Greatfire.org, believes the country's government is involved in the said attack. The group also said that the attack is somewhat similar to previous attacks perpetrated on Google, Yahoo, and Microsoft.
According to Greatfire, the attack came weeks after Apple announced "it would begin storing iCloud data for Chinese users on China Telecom servers," the report said. It also allegedly coincided with the start of iPhone 6 sales in China.
Apple posted a statement on its website saying they are "committed" to protecting their customers' privacy and security.
"We're aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously," it added.
AP, citing Apple's statement, said that the recent attacks will not affect users who sign into iCloud from their iPhones, iPads, and Macs using the newest Mac operating system, OS X Yosemite, and Safari browser.
However, the company did not talk about the hacking and who are responsible for it. It also did not confirm Greatfire's theories.
Apple warned users that when they get an invalid certificate warning while visiting iCloud, they should not proceed. They also urged users not to enter their Apple ID and password when they see a certificate warning.
The company also asked users to verify if the iCloud website they are trying to connect to is legitimate. They could use the security features built into Safari and other browsers. It noted that whenever users try to connect to a site that does not contain a digital certificate, browsers tend to verify its authenticity, sending the users a warning. When the warning appears, users must not sign in.
Meanwhile, the same Reuters report said that China's Foreign Ministry spokeswoman Hua Chunying that the country opposes hacking, adding that their government itself also became a victim of attacks like this.
Reuters tried to confirm the allegations of Greatfire.org by asking the opinions of some security experts. Reuters said that the theories posted by Greatfire were credible. F-Secure chief research officer Mikko Hypponnen told Reuters that it was a "real attack."
Greatfire said that Chinese Internet providers such as China Telecom could have been tapped by the government for the said attack. However, Reuters said in the report that a spokesman for China Telecom has denied the accusation. The report said that it is still unknown whether these hackers are still active.
- Contribute to this Story:
- Send us a tip
- Send us a photo or video
- Suggest a correction
