Hackers Claim Access to 300 Million iCloud Accounts, Say Apple Refused to Pay $75,000 Ransom

A single hacker or group of hackers who have identified themselves as the "Turkish Crime Family" allegedly have access to at least 300 million iCloud accounts, but they are willing to delete the alleged cache of data if Apple pays a ransom by early next month, according to a report from Motherboard.


The hackers have allegedly demanded $75,000 to be paid in cryptocurrencies Bitcoin or Ethereum, or $100,000 worth of iTunes gift cards, by April 7, or they will reset a number of the iCloud accounts and remotely wipe victims' Apple devices. The email accounts are said to include @icloud.com, @me.com, and @mac.com addresses.

The report said that the hackers "provided screenshots of alleged emails between the group and members of Apple's security team," while the hackers also shared an unlinked YouTube video that seemingly shows proof of them accessing "an elderly woman's iCloud account" and "the ability to remotely wipe the device."

If the screenshotted email is accurate, which it very well might not be, a member of Apple's security team turned down the ransom, noting that Apple does "not reward cyber criminals for breaking the law."

"We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it's seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law," a message allegedly from a member of Apple's security team reads. (Motherboard only saw a screenshot of this message, and not the original). The alleged Apple team member then says archived communications with the hacker will be sent to the authorities.

Apple did apparently request to see a sample of the dataset, according to the report, but it is unclear if the hackers obliged.

"I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing," one of the hackers said.

The report should be treated with a healthy dose of skepticism, as these allegations could be untrue, and Apple has yet to confirm or comment on the matter.

Update: The group claims additional hackers have stepped forward and shared additional account credentials, putting the number of accessible iCloud accounts at over 627 million, according to security-centric website CSO Online.

Top Rated Comments

35 months ago
Might be a good time to:

1) Make sure you have your own independent backup of all your data in iCloud. You should do this regardless of hacker threats.
2) Change your Apple ID password.
3) Check your signed-in devices list for any devices you don't recognize, and remove them.
4) For the love of whatever deity you believe in, enable two-factor authentication. C'mon, people. :)
Rating: 49 Votes
35 months ago
If I could delete 300 million iCloud accounts, I'd ask for more than $75,000
Rating: 35 Votes
35 months ago
Go get a job. Certainly these skills could be used in the real world and could net you more than a measly $75,000.

Just wow.
Rating: 28 Votes
35 months ago
This is equally disturbing, and comical, as the hackers are like "APPLE! GIVE US MONEY! ...Or, you know, just free iTunes stuff. Either will do."
Rating: 23 Votes
35 months ago

Might be a good time to:

1) Make sure you have your own independent backup of all your data in iCloud. You should do this regardless of hacker threats.
2) Change your Apple ID password.
3) Check your signed-in devices list for any devices you don't recognize, and remove them.
4) For the love of whatever deity you believe in, enable two-factor authentication. C'mon, people. :)


Grandma doesn't know how to do any of that :(
Rating: 16 Votes
35 months ago

If I could delete 300 million iCloud accounts, I'd ask for more than $75,000

Yes. To me, this is the give-away. They clearly picked an amount that is high enough for them to justify faking it all, but low enough to be a mere nuisance to Apple. If they were serious, they would be asking for millions.
Rating: 7 Votes
35 months ago

This is a very real concern. I can handle these steps, but can my parents? (Maybe we need to have an iCloud security party)


I'm actually going to sit with my mom this week and make sure she has 2FA enabled on her account/phone. Everyone should teach their parents and family about security practices if you are able.
Rating: 6 Votes
35 months ago

How do you check "signed-in devices"?


Log into icloud.com and go to settings. The list of signed in devices will show at the bottom.
Rating: 5 Votes
35 months ago

Grandma doesn't know how to do any of that :(

This is a very real concern. I can handle these steps, but can my parents? (Maybe we need to have an iCloud security party)
Rating: 4 Votes
35 months ago

How do you check "signed-in devices"?


Log into icloud.com and go to settings. The list of signed in devices will show at the bottom.


You can also do this at https://appleid.apple.com, which is where you can set up two-step verification.
Rating: 4 Votes