Apple admits fake log in sites have compromised iCloud accounts

However, another chink in Apple's armour has emerged amid reports of an organised password phishing scheme using fake iCloud log-in pages used to steal user information, and ultimately, the content within each account.

A statement released on Apple’s support page confirmed that 'phishing' pages were stealing accounts and passwords, although it did not mention where, or how many reported breaches had taken place.

Chrome, Safari and Firefox warn users that the sites are unverified, and as a result, do not receive a security certificate. Apple has warned users to only enter their information if a lock logo appears in the address bar.

Apple said: “We’re aware of intermittent organised network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don't compromise iCloud servers, and they don't impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.

“The iCloud website is protected with a digital certificate. Users should never enter their Apple ID or password into a website that presents a certificate warning.”

According to the Guardian, the ‘man-in-the-middle’ attack was perpetrated by the Chinese government in a bid to gain access to iCloud with the attacks beginning the day the iPhone 6 and 6 Plus, which now communicate using inaccesible encrypted channels, were released in China on Monday 20 October.

Early in September, Apple chief executive Tim Cook admitted that Apple could do more to inform users how to make their iCloud accounts more secure.