No company can guarantee that their software is 100% secure. None. iOS, Android, Windows, macOS and Linux are operating systems that have security flaws, although they are not easy to find. The same happens with the servers where the data of large companies is stored.
Last year, we echoed a story in which we talked about how a young man, who claimed to be an Apple enthusiast, had accessed the company's servers and downloaded a large amount of data. This 16-year-old did not do it alone, as he was helped by another 13-year-old. Both were arrested and brought before a judge in Australia.
These young people got employee-level access to Apple servers for quite a while and downloaded about 1 terabyte of information described as backup files. Initially it was stated that it was "only" 90 GB.
Apple detected the access even though the two young men used VPN services and other tools to mask their real IP. Apple managed to locate them by register in the access the serial number of the MacBooks that he had used to make the excursion on the servers of the Cupertino-based company. These serial numbers were linked to purchase records that allowed their identification.
Australian authorities collaborated with the FBI to carry out the arrest. The first was sentenced to 8 months while the second 9 months. Both are already in freedom since the court has taken into consideration three mitigating factors. The first that they are minors. The second that they did not know the damage they were doing and that they believed that they were showing their computing talent so that Apple, at some point, would offer them a job. Thanks to these mitigations, the two young men have avoided going to prison.
