Key Takeaways:
- MetaMask cautions consumers about Apple iCloud password phishing attacks.
- Users risk losing money if their Apple password isn’t “strong enough.”
- The security vulnerability affects iPhone, Mac, and iPad users based on their default settings.
MetaMask has issued a warning to the community about Apple iCloud phishing attacks. The security risk for iPhone, Mac, and iPad users stems from default device settings that save a user’s seed phrase or “password-encrypted MetaMask vault” on the iCloud if the user has enabled automatic backups for their app data.
Customers risk losing funds if their Apple password “isn’t strong enough” and an attacker can phish their account data, according to MetaMask in a Twitter thread posted on April 18.
If you enable automatic iCloud backups of your MetaMask wallet data, your seed phrase is stored online, making it accessible to hackers. These attackers can then steal your funds right in front of your eyes.
The MetaMask vault is stored in Apple users’ iCloud passwords, it can result in “stolen monies,” they taught individuals how to stop their iCloud backups to minimize phishing attacks. Here’s what you need to do if you’re a MetaMask user:
Turn off the Backups toggle by going to Settings > Profile > iCloud > Manage Storage > Backups.
To prevent iCloud from “shocking” you with backups you didn’t authorize, go to Settings > Apple ID/iCloud > iCloud Backup and disable it.
A security issue resulted in the loss of $650,000 in digital assets from an NFT collector’s account. Scammers gained access to his MetaMask account with iCloud data. The victim received text messages requesting that he update his Apple ID password, as well as a phone call from Apple with a forged caller ID.