this is great information basically it helps many of us that doesn’t even have a clue that apple is literally keeping our passwords in their service from losing our assets.
just imagine someone saving up their investment in wallet using apple products and turns out the asset gone just because apple is trying forcing their service, I think if i remember correctly android also saves some password in their service but I could be wrong since I haven’t used android anymore for quite sometimes but I know that gdrive is kinda similar with apple iclouds. regardless i think these service providers like the big company apple and google should give options for usage of their service and gives warning beforehand.
Topic: A new warning for iPhone and Apple product users - page 2. (Read 311 times)
Isn't the metamask password has been encrypted ? How about other wallets on my phone ?
For example i use trust wallet on my phone, will icloud automatically save the credential of my trust wallet too ?
We should be able to setting the cloud backup so not all the data in our phone automatically getting uploaded to the cloud.
For example i use trust wallet on my phone, will icloud automatically save the credential of my trust wallet too ?
We should be able to setting the cloud backup so not all the data in our phone automatically getting uploaded to the cloud.
You better turn off auto backup on your phone and never give OTP to any stranger. The victim in this case is he has backed up everything on iCloud and he gets a request to change his apple id password. He carelessly did not check carefully and gave the OTP code to the hacker, the hacker accessed the victim's iCloud and stole the metamask data.
As long as you don't give your password or OTP to anyone, including support staff from the company. You will still be safe, but it is best to buy yourself a cold wallet to ensure safety.
Are there any similar case for android users? This should be at the top of discussion, most users are android and installed Metamask on their phones. Oh my, I was planning to buy an Iphone, icloud is a very nice features especially when you've lost your apple gadget. I wouldn't dare to turn it off, I was using iphone way back before I entered crypto but I am not aware of this until now.
Thank you for sharing this one, I already disable it a year ago I am not really fan of any automatic online backups since I am not comfortable storing my information or any of my files online and we are not sure whether that website or storage is safe or not including the dropbox of the Apple.
So, basically never use any cloud storage to store anything regarding money and related data. It is not safe anyway, they are easily hackable, so quite risky.
Isn't the metamask password has been encrypted ? How about other wallets on my phone ?
For example i use trust wallet on my phone, will icloud automatically save the credential of my trust wallet too ?
We should be able to setting the cloud backup so not all the data in our phone automatically getting uploaded to the cloud.
For example i use trust wallet on my phone, will icloud automatically save the credential of my trust wallet too ?
We should be able to setting the cloud backup so not all the data in our phone automatically getting uploaded to the cloud.
Actually, it's not just for iCloud. Applies to all cloud backups. I pay attention to the people around me, they provide everything from their photos to password backups on cloud uploads. But hijacking these accounts means stealing everything that belongs to you at once. That's why I put both encryption and fingerprint recognition on all my wallet applications. I write down private keys in a notebook and then I do not use these keys anywhere unless necessary. I recommend this to you too.
The Metamask team should monitor the effects of certain apps or features in all types of phones. This may not have been discovered it there wasn't a victim. Poor lad losing all that money but it's also his fault for not using more secure wallets.
It is the reason why people shouldn't be saving their keys in a cloud storage. A lot must learn from this that if you ever save your keys or seeds on the cloud, you're really prone to this even the software or system you use is very secured. There's always a possible flaw and hole in these systems that would really be able to target those important details or screenshots of your keys. This common act is making these hackers aware of what they must do through social engineering.
Whenever I hear the word "cloud", I always steer clear any means to access my money from it. I won't even include my personal information to it, even if they claim that they do not access whatever you store there.
Always remember that if a platform is being managed or was coded by somebody, assume that you are willing to give them whatever you put it in there.
Always remember that if a platform is being managed or was coded by somebody, assume that you are willing to give them whatever you put it in there.
Thanks for the warning, this is very important. You should not store any important data on the Internet, even if it is encrypted, because this is very dangerous and can expose your data to hacking and stealing your wallet and accounts. Personally, I do not store any data on the Internet, but I write it on paper and disable the feature Save data to cloud storage because it is very possible that your data storage site will be hacked and then you may lose all your assets.
Disable iCloud automatic backups in your iPhone or apple product if you are running any crypto wallets on the phone, why? iCloud will make your encrypted vault password available online, meaning if someone or an hacker phishes your ICloud credentials your fund will vanish into thin air.
Thanks for sharing up!Pretty much sure that there are lots of users of Iphone arent really that mindful about having that icloud back up but honestly bypassing someones password of your Icloud credentials isnt something that
easy to be done therefore i dont really mind much about security issue about this but its better to be safe than sorry.Its never been good on making out some storage of your coins or assets
on a mobile phone specially if we do talk about large sums because you wont know on what would happen next.
Encrypted data? Then what is the point of encryption at all and this is another proof to the Apple lovers to realize it is also not safe and no matter anything is 100% secure when its connected to internet. Is there any reply from the Apple company about this Metamask warning?
The data has been deleted from my cloud.
And do you now really believe that everything that you decided to delete has been deleted? It's the internet, mate. Everything that fell into the clutches of the iPhone and Apple is never deleted. They just give you the illusion of security, nothing more. Surveillance and more spying on users, that's the motto of this company.
Apple is infamous for storing information their users never wanted to share to begin with, so while a mobile wallet could make sense as a wallet in which you keep a small amount of capital to spend online, it must never be the main wallet in which you store your coins or from which you make important movements since it is simply impossible to secure it properly.
-snip-
What are you talking about? any material support this case ?The suspect of this case, is mostly brute force data or phishing. Example brute force data, while you have the same information (one for all) like your password. So, example some marketplace getting data breach.
The buyer data, can tested to different platform to see if user also set up a same password for other too.
Disable iCloud automatic backups in your iPhone or apple product if you are running any crypto wallets on the phone~
You didn't post the tweet fully which includes the way to disable it.Here is the full reference:
iCloud will make your encrypted vault password available online, meaning if someone or an hacker phishes your ICloud credentials your fund will vanish into thin air.
I think not strong enough Metamask password also plays its parts here. In the first scenario, if some users got their iCloud creds leaked, it is safe to say that likely the user didn't have a good enough security awareness. I won't be surprised if both credentials have similarities.while Apple has promised you that your data are encrypted, note anything encrypted can be decrypt.
The word of promise and encryption itself is contradictory. After all, we can't be sure that Apple didn't have any master key for their products 
Due to security leak in MetaMask, someone lost $650,000 worth of NFTs in a phishing attack : https://twitter.com/revive_dom/status/1514751885126914051
The full story was published days ago : https://watcher.guru/news/metamask-warns-apple-users-as-a-man-lost-650000-in-a-phishing-scam
The most impressive part is that there is no reply from Apple company about this Metamask warning. Neither from MetaMask team as well who should be aware about the case.
The full story was published days ago : https://watcher.guru/news/metamask-warns-apple-users-as-a-man-lost-650000-in-a-phishing-scam
The most impressive part is that there is no reply from Apple company about this Metamask warning. Neither from MetaMask team as well who should be aware about the case.
Once you enable automatic function to store your data to the icloud and this will become a disaster for sure. thank you for OP as this thread is very useful for anyone. As long as someone can keep their icloud securely and that will be fine if he was storing his data into the icloud but when he can't keep it secure and this will become a horrible thing for sure as his data may be downloaded by hacker and then it will be hacked. All of money in the wallet will be stolen. It's better to store any data into the offline hardware
online storage "Icloud or anything" related to digital assets is indeed very dangerous if it is successfully hacked.
never use the cloud to store crypto-related assets. or store in any cloud that is online data storage.
it is better if the password or password is stored offline, that is, by writing it in a book or small note that you keep in a safe place that only you know.
stay alert and be careful storing keywords.
never use the cloud to store crypto-related assets. or store in any cloud that is online data storage.
it is better if the password or password is stored offline, that is, by writing it in a book or small note that you keep in a safe place that only you know.
stay alert and be careful storing keywords.
Never use the Cloud for saving anything that has connection with assets and money. I learned about that Cloud with a friend who is looking for help to fix his Iphone. I tried and was surprised I could see all his passwords just by opening the Cloud. It's not safe, I'd rather stick with my Android and use a memory device to save some information but still never the passwords.
The best option is to write it down and burglary will be the only thing you should be worried about in case they know you own cryptos.
The best option is to write it down and burglary will be the only thing you should be worried about in case they know you own cryptos.
Jump to: