Apple Computer Data Breach (2015)

In September 2015, Apple managers had a dilemma on their hands: should, or should they not notify 128 million iPhone users of what remains the worst mass iOS compromise on record? Ultimately, all evidence shows, they chose to keep quiet. Further Reading Apple scrambles after 40 malicious “XcodeGhost” apps haunt App Store The mass hack first came to light when researchers uncovered 40 malicious App Store apps, a number that mushroomed to 4,000 as more researchers poked around. The apps contained code that made iPhones and iPads part of a botnet that stole potentially sensitive user information. The infections were the result of legitimate developers writing apps using a counterfeit copy of Xcode, Apple’s iOS and OS X app development tool. The repackaged tool dubbed XcodeGhost surreptitiously inserted malicious code alongside normal app functions. From there, apps caused iPhones to report to a command-and-control server and provide a variety of device information, including the name of the infected app, the app-bundle identifier, network information, the device’s “identifierForVendor” details, and the device name, type, and unique identifier.