Investigators from Google’s external security team found evidence of a “continued effort” by a hacking group to break into the iPhones operating system over a period of at least two years. The unprecedented attack affected “thousands of users per week” until it was stopped in January.

Hackers used websites to place a “tracking implant” on visitors’ iPhones and, through that malicious software, remove contacts, images and other personal data.

Contacted by the BBC, Apple, the company that makes iPhones, said it would not comment on the case.

Details of the attack were disclosed in a series of publications by British cyber security expert Ian Beer, a member of Project Zero. This Google project is dedicated to finding new security vulnerabilities on the Internet.

Beer and his team found that hackers used 12 separate security holes to break into devices. Most were “bugs” (system errors) in Safari, the standard “browser” of Apple products.

Once iPhones were hacked, user data was exposed to criminals. The device’s location was updated by the minute; passwords were exposed, as were chat histories in applications like WhatsApp, Telegram, and iMessage; they accessed contacts and the Gmail database.

The hackers were able to hack “almost all versions of the latest versions of iOS 12” explained Ian Beer. This revealed that a group was making a continuous effort to break into iPhones in certain locations for a period of at least two years.”

Apple released a software fix to address the security hole in February.

If you have an iPhone, make sure your device has the latest version of the iOS operating system to ensure protection. To do this, go to “Settings” and open the “General” section. Under “Software Update” you should have iOS have iOS 12.4.1. If you do not have this version, you can upgrade by clicking “Download and Install”.