Read at Theregister
A cybersecurity researcher and his associate are facing charges for allegedly defrauding Apple of $2.5 million. They gained access to Apple's systems through a third-party contractor and ordered gift cards and hardware. They then sold the stolen items to third parties.
Noah Roskin-Frazee and Keith Latteri are alleged to have gained access to Apple's systems via a third-party contractor and ordered gift cards and hardware to the value of $2.5 million and $100,000 respectively.
The defendants used Apple's Log Program and Toolbox program, which allowed them to search products, order replacements, and edit orders. They also had access to the Jamf MDM platform, operated by the third-party contractor, which allowed configuration changes to be made to Apple devices. One of the defendants even used a stolen gift card to purchase Apple software for their personal account.
One of these is a Log Program that allows customer support to search Apple products and order replacements. Another is the Toolbox program which allows customer support staff to edit orders for a limited time after they're made.