Hackers in Ireland Trying to Buy Apple Employee Logins

| News

Ireland has a new problem to throw at Apple: hackers are trying to buy company logins from employees. In some cases, employees are being offered upwards of €20,000 (about US$22,245) in efforts to coax out user names and passwords.

Hackers ready to buy Apple employee loginsHackers ready to buy Apple employee logins

An Apple employee told Business Insider, "You'd be surprised how many people get on to us, just random Apple employees. You get emails offering you thousands [of euros] to get a password to get access to Apple."

Hackers are reportedly also targeting Apple employees for company information.

Exactly what hackers expect to accomplish once they have logins isn't clear. They may be trying to conduct industrial espionage, dig up personal information, disrupt company plans, or something else entirely.

Getting into Apple's network isn't as easy as getting at an employee user name and password. First, employees have limited access to company data. Second, Apple uses more than just user names and passwords to grant network access; without the rest of the necessary login components, getting at a user name and password won't get hackers into the system.

Still, hackers seem to think getting basic network account login information holds a lot of value. ""I could sell my Apple ID login information online for €20,000 tomorrow," Business Insider's source said. "That's how much people are trying."

Apple has a system in place to educate employees and help prevent login theft, which sounds like a prudent move considering how badly hackers what those credentials.

The Mac Observer Spin The Mac Observer Spin is how we show you what our authors think about a news story at quick glance. Read More →

Apple isn't going to make it as simple as handing over user names and passwords to get into its network. That said, hackers seem to be ready to spend some serious money to try anyhow.

Popular TMO Stories



A lot of companies do make it that easy, you can tie VPN access to a MAC address, but that can be modified, you could tie it to system information but that’s an upkeep nightmare, you can write a validation application but that also creates problems. For corp IT it’s a huge problem, but Apple could improve it by adding Touch ID to Macs grin


You can also use cryptographic certificates or a “token” system (a device that tells you an extra sequence of numbers to type in, but that changes every few seconds) to additionally secure the VPN.

I heard an account by an Apple employee who said that an Apple retail employee once used his access to the corporate VPN to go poking around and found some test machines with weak passwords on them. Logging into those allowed him to see the latest in-development version of OS X and other apps. Maybe even see unreleased hardware. So this idea of buying a username/password would have been a security hole some years back. I imagine Apple has hardened their security a bit since then. At least in this case that test lab had all the passwords changed to something more complex.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account