VirtualMacOSX.com user data exposed in breach

Macworld

Cybersecurity researchers SafetyDetectives reported on Friday about a data breach involving VirtualMacOSX.com, an online provider of cloud services targeted at Mac users. The breach involves data that “belongs to 10,000 of its customers.”

SafetyDetectives states that it found a post publicizing a VirtualMacOSX.com database in a forum known for data leaks, cracks, and more. Access to the data was given to those who replied to or liked the post. The data included sensitive information, including full names, financial data, contact info, and passwords. Analysis by SafetyDetectives led them to believe the data is genuine, but the researchers “refrained from testing the exposed credentials” to verify the data due to ethical concerns.

VirtualMacOSX.com describes itself as an “affordable, Mac-based home on the web. We offer Mac OS X server plans hosted from our state of the art datacenters in Western Canada (Serving the Americas and Pacific Rim) and Eastern Canada (Serving the Americas and Middle East/Europe).” Plans start at $12.75 per month for an hour of use a day and 2GB of storage. 

According to Trustpilot, Canada-based VirtualMacOSX.com averages a rating of 2.5 out of 5 in Trustpilot reviews, with 48 percent of the reviews rated as 1 star. SafetyDetectives calls itself a pro-bono “publishing group of cybersecurity experts, privacy researchers, and technical product reviewers.”

Macworld contacted VirtualMacOSX.com via email for comment on the report.

How to protect yourself from data breaches

The breach covered here doesn’t involve a macOS vulnerability, but one at a service provider. It is not known how an outside party accessed VirtualMacOSX.com’s database and whether the data was encrypted or not. If it was encrypted, it appears that the threat agent had the keys to decrypt the data.

In an instance where you believe your data was exposed in a data breach, there are a few steps to take to protect yourself:

If you continue to use the service that was breached, change your password and enable two-factor verification.

Check your credit report and freeze it. This will help block unauthorized approvals to financial services that are being made in your name. If you need to sign up for a service (such as a loan or credit card), you can temporarily unfreeze your account so a credit check can be performed.

Check your records for all of your financial institutions. If you access them online, change your passwords and enable two-factor verification. Some institutions also provide alerts when attempts are made to access your account.

Use a service such as Have I Benn Pwned to see if your email address was involved in a data breach.

Apple releases security patches through OS updates, so installing them as soon as possible is important. Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.