Popular calendar app, Sunrise, is the latest to be targeted by hackers who managed to access the app’s database provider, MongoHQ on October 27, 2013. Attackers were able to access customer data, but Sunrise is giving assurances to customers that the app’s industry standard encryption has kept customer data secured, including valuable credit card and banking information.
However, Sunrise sent an email to users on Saturday evening detailing the breach and advising users to change their iCloud password, which was used to sync the app’s new iOS7 calendar feature.
If you connected an iCloud calendar to Sunrise, even though we don’t store any credentials, the security breach may have put some of your calendar data at risk. As a precautionary measure, we recommend that you change your iCloud password and reconnect it to Sunrise: simply click here and then click on “Reset your password” to do it.
This is not surprising since Sunrise’s latest iCloud integration was criticized for requiring user credentials for iCloud syncing. In fact, users have left unsatisfactory reviews in the App Store:
Asks for Apple account credentials! by zaled
If you want to use iCloud, you have to turn over your Apple credentials. And once you’ve signed in, there is no way to remove them. This is the WRONG way to implement this! You should just ask for access to Calendar. Not sure how this got approved.Also, they don’t support adding the current date to the app badge.
Great app! iCloud integration is NOT safe! by Igor Leandro
I’ve been waiting for the app to support built in calendar entries for a while. That would also include iCloud. But the way they’ve done is that you must provide THEM with YOUR iCloud user and password into a NON APPLE login page or site.Wrong way of doing it guys.I did not provide my credentials and anyone who has done should change their passwords.Looking forward to a proper iCloud support though.
To continue using Sunrise, customers will have to log back into the app and re-link their accounts with LinkedIn, Foursquare, and Producteev. All other social accounts have been automatically re-connected. To read the full announcement from Sunrise’s CEO, Pierre Valade, visit their blog.
Via The Verge