A security hole has been exposed in the Apple ID password recovery system, and sophisticated cybercriminals are exploiting it in a new and dangerous attack, as reported on the KrebsOnSecurity website. The goal: to take over the Apple accounts of users around the world and steal their personal information.

How does it work?

The attackers bombard users' devices with password reset requests in order to make them reveal sensitive personal information. According to the publication, the attackers combine the security hole with the "MFA fatigue" technique: multiple password reset requests that make it difficult for the user to identify the real request. Victims are inundated with password reset notifications on their devices, which disrupts use of the devices and puts the victims under stress.
And the attack doesn't stop there. After being inundated with password reset requests, many users report receiving a call from someone posing as Apple's official support. In fact, the attackers are trying to take advantage of the pressure and confusion caused by the attack to make users reveal their Apple ID account login details, sensitive personal details and even payment methods.
"The attackers use personal information collected from information leaks and various sources to gain the trust of the victims," says Tom Malka, Head of Cyber Research at RAKIA GROUP, in a conversation with Walla! technology. "The latest case of attacks on Apple users illustrates the importance of being aware of cyber threats and taking basic precautions, such as not sharing password reset codes with anyone, and being suspicious of unexpected alerts or calls."
Malka also adds that "the attackers also try to 'wear out' the users by sending countless push notifications in order to stress the user and make the device less responsive for a short period of time. If you experience something similar, I would recommend changing the email you use for Apple to a new email that (hopefully) will not leak."