Skip to main content

Threat actor claims to have breached Apple, allegedly stealing source code of several internal tools

Notorious threat actor IntelBroker, who previously claimed responsibility for other high-profile data breaches, including those of U.S. government systems in April, allegedly leaked the source code of several internal tools used at Apple via a post on a dark web forum.

According to the post by IntelBroker, “In June 2024, Apple.com suffered a data breach,” presumably at their hands, that led to the exposure. The threat actor claims to have obtained source code for the following internal tools:

  • AppleConnect-SSO
  • Apple-HWE-Confluence-Advanced
  • AppleMacroPlugin

While little is known about Apple-HWE-Confluence-Advanced and AppleMacroPlugin, AppleConnect-SSO is an authentication system that allows employees to access specific applications within Apple’s network. The system is integrated with the company’s Directory Services database, which ensures secure access to internal resources.

On iOS, employee-only applications use AppleConnect-SSO for quick and secure authentication. An ex-Apple retail employee told 9to5Mac AppleConnect serves as the employee equivalent of an Apple ID and is used to access all internal systems, with the exception of email. This tool has been integrated into multiple internal services used by Apple Store employees, including Concierge, EasyPay, and MobileGenius, as well as websites like AppleWeb and PeopleWeb, among others.

IntelBroker post on BreachForums dark web message forum. Screenshot via HackManac on X.

IntelBroker did not provide any further details in the post. It appears that the data could be for sale, though it is unclear. Nonetheless, it is important to emphasize that this alleged breach is localized internally and has no apparent impact on Apple customer data.

A source familiar with the matter told 9to5Mac that most dark web forums try to uphold a strong vetting process to weed out scammers who want to sell “leaked data” that they do not possess. While this is always a non-zero possibility, IntelBroker has a growing reputation.

The cybercriminal is known for breaches on large organizations such as AMD (posted just yesterday and currently under investigation), Zscaler, General Electric, AT&T, Home Depot, Barclays Bank, and government agencies such as Europol and the U.S. State Department.

We’ve reached out to Apple for comment and will update if we hear back.

Follow Arin: Twitter/X, LinkedIn, Threads

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications