AntiSec posts passwords from Apple survey server (updated 5x)

WSJ reports that hacking group “AntiSec” (short for Anti Security) has hacked an Apple server. To prove its point, the group posted the username and password combos for 27 root and admin accounts from the users table in a mysql database on a machine apparently used to conduct surveys for the Cupertino computer maker.

Here’s a list of the compromised accounts (sorry no link love). The passwords were posted in a similar fashion, immediately below it.

AntiSec is comprised of hackers from both the online vigilante group Anonymous and hackers from the now-defunct Lulz Security, according to the report.

The hackers said in a statement posted to Twitter that they had accessed Apple’s systems due to a security flaw used in software used by the Cupertino, Calif.-based gadget maker and other companies. “But don’t worry,” the hackers said, “we are busy elsewhere.”

The breached server (http://abs.apple.com/fsurvey/survey.html?l=en) appears to be one of Apple’s servers for conducting technical support follow-up surveys. Here’s an image from the Google cache:

Apple hasn’t commented on the extent of the breach, so it’s unclear whether any customer data was compromised.

Update: 9to5Mac thinks that AntiSec’s Apple claim is relatively benign, noting that LulzSec claimed responsibility for breaching iCloud on June 21:

After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database passwords, which we proceeded to shift silently back to our storage deck.