Security researchers have revealed a potential data breach involving the personal and financial information of around 10,000 customers of VirtualMacOSX.com, a cloud-based macOS service provider.
VirtualMacOSX.com is an online service that offers remote access to macOS environments for development and whatever other purposes people might need it. The service has nothing to do with Apple itself, but the virtualization is carried out exclusively on Apple hardware.
Details of the breach
Security researchers from SafetyDetectives found the information on an online forum notorious for hosting database leaks and cracked software.
The user who posted the information didn’t stop at simply making the claim; they also published a 34-line sample of the database, with the full dataset made freely available to registered users who interacted with the post.
The compromised data includes:
- User IDs
- Full names
- Company names
- Email addresses
- Physical addresses
- Phone numbers
- Passwords and password reset keys
- Bank account details, including bank names, types, codes, and account numbers
- Support ticket information, such as IP addresses and full message contents
While the data looks authentic, SafetyDetectives could not verify its origin.
Potential risks
If the data belongs to VirtualMacOSX.com customers, the breach poses several risks, as is the case with any kind of leaked information:
- Increased risk of identity theft
- Email addresses and other details can be exploited to build convincing phishing emails.
- Access to passwords and reset keys can lead to unauthorized account access.
- Banking and other financial details could be used for fraudulent transactions.
VirtualMacOSX.com has not yet issued a public statement regarding the supposed data breach.