Details of more than 225,000 Apple accounts were stolen without users’ knowledge – but only on phones that were "jailbroken".
Using malware spread through popular jailbreak tool Cydia, hackers managed to steal account information from users in 18 different countries, according to research from Weiptech and Palo Alto networks:
We believe this to be the largest known Apple account theft caused by malware.
Jailbreaking is the process of removing hardware restrictions on your phone’s operating system, so you can install apps you otherwise couldn’t.
It’s tempting, because it allows you to customise your phone more, but at the same time it also makes it more vulnerable to malicious attacks.
Keyraider, the malware used in the Cydia attack, uploaded logins and other stolen information to a server. Since this server was itself not secured, researchers were able to reverse-engineer the hack once they’d discovered it, and break into the server to retrieve part of the stolen data.
Our primary suggestion for those who want to prevent KeyRaider and similar malware is to never jailbreak your iPhone or iPad if you can avoid it.