Here’s another reason not to jailbreak your iPhone.
Some 225,000 Apple accounts have been stolen by malicious software installed on unlocked iPhones, in what is purported to be one of the largest known thefts of its kind.
Palo Alto Networks said malicious software, which it dubbed KeyRaider, pilfered Apple account usernames, passwords and device IDs by intercepting iTunes traffic on the device.
The victims, many of whom live in China, made themselves vulnerable to attack — first by jailbreaking the device, or removing hardware restrictions on Apple’s iOS. Then, they installed an application from an unauthorized store.
A student at Yangzhou University discovered the attack earlier this summer, after he and other members of an amateur technical group began investigating reports that some users’ accounts were being used to make unauthorized purchases. By examining the various jailbreaks, they found one version that collected user information and uploaded it to a suspicious site.
At least one security analyst dubbed the breach a non-issue that touches a small fraction of iPhone users.
“It only affects jailbroken phones using alternative app stores and demonstrates why we’ve been advising against jailbreaking devices or allowing jailbroken devices in a corporate environment for a long time,” Chris Camejo, senior vice president of NTT Com Security, said in a statement.
Apple did not have immediate comment on Monday.
This article originally appeared on Recode.net.