Hacker Claims to Have Stolen Three Internal Apple Tools During Data Breach

A threat actor has leaked the source code for what they claim are three internal Apple tools, stolen in a supposed breach that Apple has yet to confirm. The bad actor claims to have gained access to the source code after getting into Apple’s servers earlier this month.
A post by DarkWebInformer on X claims the threat actor “IntelBroker” has leaked code that’s allegedly from Apple.
MAJOR DATA BREACH IntelBroker has allegedly leaked #Apple’s Internal Tools.
IntelBroker has released the internal source code to 3 of Apple’s commonly used tools for their internal site,
In June 2024, http://Apple.com suffered a data breach and led to the exposure of some of their internal tools.
Exposed Project tools:
AppleConnect-SSO
Apple-HWE-Confluence-Advanced
AppleMacroPlugin
Published on a hacker forum, the post allegedly contains the “internal source code” to three of the “commonly used tools” Apple has for internal purposes.
As seen above, the three tools are identified as AppleConnect-SSO, Apple-HWE-Confluence-Advanced, and AppleMacroPlugin. AppleConnect-SSO allows Apple employees to authenticate to access several other applications available on Apple’s internal network; however, it should be noted that this tool has been deprecated for several years.
Apple-HWE-Confluence-Advanced is a similar, and also deprecated, tool that requires employee authentication, although little is known about its capabilities or those of AppleMacroPlugin.
The IntelBroker forum post does not offer any details about the shared apps or the motives behind their sharing. While we usually see offers to sell data or source code from high-profile breaches, we’re not seeing anything like that here.
AppleInsider says it reached out to Apple for clarification but has yet to hear back from the Cupertino company.
Apple is not the only company that IntelBroker claims to have data from. The account has made claims that it is selling data from an AMD breach in June. The data gleaned from the breach is said to include information about future AMD products, customer databases, employee information, finance information, and more.
IntelBroker has shared screenshots of some of the supposedly stolen AMD credentials. However, they have not disclosed how much the information is being sold for or how the data was obtained.
“Today, I’m selling the AMD.com data breach. Thanks for reading and enjoy!” the bad actor wrote in a post on the hacking forum.
The threat actor also claimed that the data includes an employee database that contains employee user IDs, their first and last names, their job functions, business phone numbers, email addresses, and their employment status.
AMD is reportedly investigating whether the data breach actually took place.
“We are aware of a cybercriminal organization claiming to be in possession of stolen AMD data,” AMD told BleepingComputer in a statement. “We are working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data.”
IntelBroker is perhaps best known for the DC Health Link breach, which exposed the personal data of U.S. House of Representatives members and staff, and was also behind the breach of the Europol Platform for Experts web portal, which is used to share information among law enforcement agencies in various countries.