Remember the Fappening?

Some time ago, back in 2014, I wrote about the Fappening, when someone hacked a bunch of Apple cloud accounts and stole personal pictures of famous celebrities.

Turns out that some of the victims to this hack was due to a spearphishing attack and not just the iBrute attack as originally thought, the attacker, named Ed Majerczyk, sent the following to potential celebrity victims.

“Your Apple ID was used to login into iCloud from an unrecognized device on Wednesday, August 20th, 2014. Operating System: iOS 5.4 Location: Moscow, Russia (IP=95.108.142.138) If this was you please disregard this message. If this wasn’t you for your protection, we recommend you change your password immediately. In order to make sure it is you changing the password, we have given you a one-time passcode, 0184737, to use when resetting your password at http://applesecurity.serveuser.com/. We apologize for the inconvenience and any concerns about your privacy. Apple Privacy Protection.”

According to the FBI, Ed breached 330 unique iCloud accounts from his home a total of over 600 times in 2014. Once breached, Ed downloaded the entirety of a victim’s iPhone camera roll and uploaded it to the popular 4chan.

This entry was posted in Security Blog and tagged , , , , , , , . Bookmark the permalink.