Savvy Apple fans around the world were elated to learn that a tool had finally been released to jailbreak iOS 9.3.3 and other recent iOS builds on the iPhone and iPad. People had been waiting impatiently for the jailbreak for months, and there was a rush of interest once it was finally let loose by a well-known team of China-based iOS coders called Pangu Team. Then, just a few short days later, a new tool was released that let users jailbreak their iOS devices without even having to connect to a computer — it really couldn’t be easier.
Unfortunately, the party came to a screeching halt for some users this past weekend when they discovered that shortly after jailbreaking using the newly available Pangu tool, they suffered breaches to their credit card accounts, debit card accounts, PayPal accounts and even some Facebook accounts.
Some users have taken to the jailbreak subreddit on Reddit to complain that various accounts have been compromised after they performed the most recent jailbreak using the new Pangu tool. According to posts in that subreddit, users have noticed unauthorized access to their credit card, debit card, PayPal and Facebook accounts after using the new tool.
Needless to say, a number of users were quick to point fingers at the Pangu Team despite its long history in the jailbreak community. While nothing has been proven one way or the other for the time being, Pangu posted the following response to the accusations on Twitter:
Neither we nor 25pp would be so stupid to make money by hacking users paypal account via jailbreak tool. We hope to find out the truth asap.
— PanguTeam (@PanguTeam) July 31, 2016
Members from the Pangu team then registered a new Reddit account that has been verified as authentic, and they published the following response on a thread questioning whether or not the new jailbreak tool is safe:
Hello everyone, this is the 4th jailbreak tool released by our team which means we should have some reputation even though we come from China(And we know most western users don’t trust Chinese software normally). So if any user thinks we are hacking your accounts that makes us feel sad deeply. Also we have not received any report of account breach from Chinese users. So may I ask those who have account breach issues, which version did u use, the CN or EN version? And we noticed that my space and tumblr account data are leaked this year, have u checked that if u are using same account? We want to find the root cause of this asap.
The team added some more thoughts in a subsequent post:
We spent so much time to read the posts here and some users also have account breach issue by using the EN version? We of course talked with 25pp and they totally have no clue about this. We are also checking if their PC tool has some security flaws which may enable hackers to attack from network sniff. But as far as now, we don’t find anything suspicious.
Pangu has built a reputation over the years and while we have no conclusive evidence one way or the other, we find it highly unlikely that the team is behind these breaches. At the same time, it seems apparent that these breaches are connected in some way to devices that have been jailbroken, so our advice is to be even more cautious than normal for the time being, and perhaps avoid the new jailbreak until this is all figured out.