A group of hackers claim to have access to hundreds of millions of iCloud user accounts, and they're threatening to wipe the data if Apple doesn't pay up. Originally reported by Motherboard, the group wants Apple to turn over $100,000 worth of Bitcoin for all of their seven members in order for them to delete their copy of the data.
The hackers call themselves the "Turkish Crime Family," Motherboard reported. According to the outlet, the hackers also provided them with email correspondence they conducted with Apple, as well as a link to a YouTube video of them signing into one of the accounts with the compromised credentials.
The actual number of accounts the group alleges to have access to isn't clear. One hacker claims that "over 300 million Apple email accounts" are in their possession, while another said "they had 559 million accounts in all," according to Motherboard's article. If Apple refuses to pay the ransom, the group is threatening to reset or wipe some of the accounts on April 7, the article said.
The big question is whether or not the claims from the Turkish Crime Family carry any weight. In a statement provided to our sister site, CNET, Apple said that no security breaches had affected its systems and that "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services." According to a report by our sister site, ZDNet, a press email sent by the group seemed to confirm Apple's assertions.
To investigate the claims, ZDNet obtained a set of credentials for some icloud.com, me.com, and mac.com accounts. Although it was able to verify some of the passwords as accurate, there was much evidence to suggest that the group is disorganized and lacks experience.
Still, iCloud users should take steps to further secure their accounts, just in case. Users should change their password and potentially enable two-factor authentication for their account, which they can learn how to do here.
Update: A recent email from the Turkish Crime Family, sent to members of the press, claims that the group has access to 800 million iCloud accounts, and they are currently growing their ranks for the April 7 attack. The email also said that the group is preparing to launch a website where people could access the personal information associated with the hacked iCloud accounts.
The 3 big takeaways for TechRepublic readers
- 1. A hacker group calling itself the "Turkish Crime Family," claims to have access to some hundreds of millions of compromised iCloud accounts.
- 2. Apple claims that its systems have not been breached, and evidence exists that the group is disorganized and inexperienced.
- 3. To be safe, iCloud users should reset their passwords and consider enabling two-factor authentication.
- Dozens of iOS apps vulnerable to data theft, despite ATS mandate (TechRepublic)
- Apple releases 'important security update' for iPhone after spyware discovery (ZDNet)
- Research: Apple rated highest for security on mobile devices (TechRepublic)
- Security awareness and training policy (ZDNet)
- How to enable two-factor authentication for your Apple ID (TechRepublic)