A list of 3.8 million iTunes accounts has been dismissed as not being genuine.
Featuring email addresses and passwords, the list was only online for a short time but was available via cached page. People on the list contacted by IT Security Guru did not respond to emails.
Steve Lord, technical director of Mandalorian, told IT Security Guru that it was hard to substantiate if they were genuine or not, but offered some doubt as Apple passwords must be at least eight characters. “If the accounts with weak passwords were created before the policy change and not changed afterwards, they might still be valid,” he said.
Andrew Barratt, CEO of Coalfire, said that it appears that a lot of the accounts are based in the UK looking at the geo-location of the IPs and indicators from the names and passwords, and suspected that it may not be iTunes accounts, but some of the accounts might be legitimate.
“Looking at the dates and times they could well be legitimate and timely, there are lots of Gmail/Hotmail which means they could have been phished on mass,” he said. Barratt also suspected a link to hacker groups.
Stephen Coty, chief security evangelist at Alert Logic, looked at the data and found that there were some errors. “The group who took the data was AntiSec, which is a splinter cell of Anonymous and Lulz,” he said. “The data was tracked by third party researchers to a data dump in 2012.”
He believed that it was a section of 12 million accounts stolen and published in 2012. He said: “This is being re-released for the notoriety and it is very topical with the recent claim about an iCloud breach a few months ago, that lead to celebrity photos being released.”