A single hacker or group of hackers who have identified themselves as the "Turkish Crime Family" allegedly have access to at least 300 million iCloud accounts, but they are willing to delete the alleged cache of data if Apple pays a ransom by early next month, according to a report from Motherboard.
The hackers have allegedly demanded $75,000 to be paid in cryptocurrencies Bitcoin or Ethereum, or $100,000 worth of iTunes gift cards, by April 7, or they will reset a number of the iCloud accounts and remotely wipe victims' Apple devices. The email accounts are said to include @icloud.com, @me.com, and @mac.com addresses.
The report said that the hackers "provided screenshots of alleged emails between the group and members of Apple's security team," while the hackers also shared an unlinked YouTube video that seemingly shows proof of them accessing "an elderly woman's iCloud account" and "the ability to remotely wipe the device."
If the screenshotted email is accurate, which it very well might not be, a member of Apple's security team turned down the ransom, noting that Apple does "not reward cyber criminals for breaking the law."
"We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it's seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law," a message allegedly from a member of Apple's security team reads. (Motherboard only saw a screenshot of this message, and not the original). The alleged Apple team member then says archived communications with the hacker will be sent to the authorities.
Apple did apparently request to see a sample of the dataset, according to the report, but it is unclear if the hackers obliged.
"I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing," one of the hackers said.
The report should be treated with a healthy dose of skepticism, as these allegations could be untrue, and Apple has yet to confirm or comment on the matter.
Update: The group claims additional hackers have stepped forward and shared additional account credentials, putting the number of accessible iCloud accounts at over 627 million, according to security-centric website CSO Online.
Top Rated Comments
1) Make sure you have your own independent backup of all your data in iCloud. You should do this regardless of hacker threats.
2) Change your Apple ID password.
3) Check your signed-in devices list for any devices you don't recognize, and remove them.
4) For the love of whatever deity you believe in, enable two-factor authentication. C'mon, people. :)
Just wow.