General You may want to hold off on that jailbreak!

[ronkuba]

On Reddit they discussing the compromise of people's Twitter, Facebook, PayPal and bank accounts after jailbreaking.
https://www.reddit.com/r/jailbreak/...ssion_is_pangus_jailbreak_safe_an_hour_after/

 

[Knowlege Bomb]

Wow. This is a first.

Glad I used the method that didn't require an iTunes login.

 

[willmtaylor]

Yikes. Not good.

 

[sawah]

I never had to give my login.

 

[bandofbrothers]

From looking at the Reddit thread it seems the Op JB from their computer and let the Chinese App Store download too.

Possibly a virus has infected their Computer as per a virus scan.

I personally JB via the safari method which required no Apple ID and no information and I unchecked their App Store.

I change my passwords regularly.

No breach on PayPal,Facebook,Twitter.

Thank you for highlighting this and I'll be watching closely.

 

[jdaniel]

From looking at the Reddit thread it seems the Op JB from their computer and let the Chinese App Store download too.

Possibly a virus has infected their Computer as per a virus scan.

I personally JB via the safari method which required no Apple ID and no information and I unchecked their App Store.

I change my passwords regularly.

No breach on PayPal,Facebook,Twitter.

Thank you for highlighting this and I'll be watching closely.

same

 

[JackieInCo]

I used an old me.com address that was banned from making purchases in the iTunes store about five years ago. I have no worries.

 

[NewdestinyX]

Yep. Zero fears here either.

 

[ipos]

Burner Apple ID also affected?

 

[Will22]

So if people used the Safri way to Jailbreak they are safe, is this right?

 

[EM2013]

The op of the thread said he used a burner Apple ID and was still hacked.

Jailbroke through safari and I uninstalled that pp app first chance I got.

 

[bandofbrothers]

So if people used the Safri way to Jailbreak they are safe, is this right?

In essence Yes as they didn't input any information, even a burn Apple ID.

I also unchecked the box to download their App Store via the Safari way.

From reading Reddit it 'appears' to be the tool on the computer that maybe causing something malicious although some known people have de constructed the tool and cannot find anything malicious.

 

[ipos]

From looking at the Reddit thread it seems the Op JB from their computer and let the Chinese App Store download too.

Possibly a virus has infected their Computer as per a virus scan.

I personally JB via the safari method which required no Apple ID and no information and I unchecked their App Store.

I change my passwords regularly.

No breach on PayPal,Facebook,Twitter.

Thank you for highlighting this and I'll be watching closely.

He downloaded using the Chinese version pangu to jailbreak?

 

[Jumpie]

I never had to give my login.

I used a burner account first. Then on my Pro, it never asked for an account just a captcha.

 

[blownco]

i used my regular account and nothing has happened.

 

[oconnell84]

I can confirm that I downloaded the pphelper and ran it via win 10 with zero problems. Only issues I encountered was my paypal app didn't load. Seems that's the main issue on Reddit. I just deleted it. So far so good

 

[AGuerrav]

What about the pp app on the phone, should we delete it? How?

 

[oconnell84]

Open Cydia, then go to installed then scroll to the PP app then remove.

 

[oconnell84]

You can delete the one of the two apps it installs via the traditional method of removing an app.

 

[NewdestinyX]

I think we can all calm down about this issue.. Read Saurik's (creator of Cydia) words about this. He knows more than anyone about this. Particularly the last paragraph.

I don't particularly like the concept of installing the 25PP tool (edit: this sentence used to say "trust", but I think that was confusing), as Chinese companies tend to have software that is pretty intrusive and even "combative" against competitor's software, and in general I am concerned about the way people do signature stuff (as it is just so much easier to do the signing on a server...) which is why I worked so hard to make Impactor be able to do all the signing and communication locally. That said, 25PP's profit model would probably benefit from local signature work, so I can see them having the existing expertise and taking the time to do that "correctly". (And a lot of my concerns about this sort of software are from threats that would manifest as something more diabolical than "they stole a small of money from my PayPal account", and even might end up coming from the Chinese government and not some specific company.)

I will also say I trust Pangu a lot... but I don't know if the Chinese version of their app was only touched by them. I bet the English one was their work only, though you are downloading it from 25PP, which opens some issues: do you trust the employees at 25PP with control over their servers? I would say that it would be dumb to do quickly be trying to attack people rather than racking up more credentials before anyone becomes suspicious. You have to remember that there are millions of people who jailbreak. And Pangu specifically listed this subreddit on their website as a place to talk to people about their issues, so we are going to be seeing tons of people. Do we really have evidence that this is an issue with the jailbreak process as opposed to a string of random attacks that are being noticed here because we are all being extremely suspicious this week?

If anything, I bet there was just some website, maybe it was even one we all use more often than other people (like reddit! ;P) which was hacked in some way, and people were sharing passwords between there and PayPal, and that hack just happens to have happened at about the same time the jailbreak came out.

 

[JackieInCo]

The only suspicious thing I had happen was logging into my Instagram account yesterday gave me a warning that they noticed suspicious activity on my account. It sent a code to my email and then I changed the email associated with that account.

 

[Totally]

Good thing I'm still jailbroken on 7.1.2

 

[h9826790]

Burner Apple ID also affected?

No, AFAIK, so far only those who enter their real Apple ID during jailbreak, AND use the same login name + password for other accounts got affected.

 

[Latinking25]

I jail broke via computer and didn't get a Apple ID login, only a captcha. After jailbreak was complete, I uninstalled the software of which I jail broke from & ran a full virus scan & nothing turned up. None of my accounts have been compromised either.

 

[NewdestinyX]

Good thing I'm still jailbroken on 7.1.2

Oh gosh.. what a horrible iOS... and unstable JB... But each to his own..