Beijing time August 26th According to Apple Insider, the vulnerability of Apple's online store and mobile insurance company Asurion website has caused tens of millions of mobile phone account passwords to leak. The vulnerability has now been fixed.
Apple Insider quoted the BuzzFeed News article as saying that the vulnerability in Apple's online store leaked "more than 72 million" T-Mobile user passwords.
Apple's online store account authentication page requires users to enter the T-Mobile mobile phone number and password or social security number —— may allow hackers to enter information indefinitely, using the library to guess user account information.
In addition, the Asurion website was also exposed to vulnerabilities, causing AT&T customers' passwords to be compromised. One researcher said that the cause of the vulnerability could be a technical error, and the problem was during the connection of a T-Mobile API (application programming interface) to the Apple website.
Apple vulnerabilities have nothing to do with the T-Mobile server security system being compromised. The attack on the T-Mobile server caused about 3% of the user's personal information to be compromised.
After BuzzFeed's researchers pointed out the vulnerability, Apple and Asurion have been fixed in time.