According to Apple Insider's August 25th Beijing time, local media reported on Friday that although it has been fixed, the vulnerability of Apple's online store and mobile insurance company Asurion website leaked the passwords of millions of mobile accounts.
BuzzFeed News said that the vulnerability in Apple's online store leaked 'more than 72 million' T-Mobile user passwords. The Asurion website was exposed to another vulnerability that affected AT&T customers' passwords.
After BuzzFeed shared the vulnerability discovered by the researchers, Apple and Asurion have fixed the vulnerability as soon as possible. Apple's online store account authentication page, requiring users to enter the T-Mobile phone number and password or social security number - may make the hacker unlimited Enter the information, use the collision library to guess the user account information.
One researcher said that this could be a technical error, and the problem was when a T-Mobile API (application programming interface) was connected to the Apple website.
The Apple vulnerability has nothing to do with the T-Mobile server security system being compromised. The T-Mobile server was attacked, causing about 3% of the user's personal information to be compromised.