On Wednesday we reported that Apple had become the target of a ransom threat, with hackers claiming to have access to more than 600 million iCloud accounts. A group known as the "Turkish Crime Family" said they would reset and wipe the accounts unless Apple paid them $150,000 in Bitcoin by April 7.

Apple responded to the threat by stating that there had not been any breach of its systems, and that if hackers did have access to iCloud accounts then it could only be because of compromised third-party services.

Apple two factor authentication
Yesterday, ZDNet said it had received a set of 54 account credentials from the hacker group for "verification" and subsequently reported that all of the accounts were valid, based on a check using Apple's online password reset function.

The accounts include @icloud.com addresses dating back to 2011, as well as legacy @me.com and @mac.com domains from as early as 2000. The list of credentials is said to contain email addresses and plain-text passwords separated by a colon. According to Troy Hunt, data breach expert and owner of notification site Have I Been Pwned, this would suggest the data could have been aggregated from various sources.

ZDNet worked to contact each account holder via iMessage to confirm their password, and found that many of the accounts are no longer registered with Apple's messaging platform. However, of those that could be contacted, 10 people – all based in the U.K. – confirmed that the passwords were accurate, and they have changed them as a result.

When pressed about the original source of the data, the hackers claimed that it was "handled in groups" without explaining how or why. The hackers also refused to hand over a U.S.-based sample of accounts.

All of the people with compromised accounts said that until now, they had never changed their iCloud passwords before. One person said that the password he confirmed with ZDNet was no longer in use as of about two years ago, which narrows down the possible date of a breach or multiple breaches to somewhere between 2011 and 2015.

Most of the people confirmed that they used their iCloud email address and password on other sites, such as Facebook and Twitter. However, three people said that their iCloud email address and password were unique to iCloud, and were not used on any other site. Also, two people claimed someone had tried to reset their iCloud passwords in the past day.

It's unclear if the sample provided is representative of the wider pool of credentials the hackers claim to have, but based on its communications with the group, ZDNet suspects that its members are "naïve and inexperienced" and primarily seeking publicity.

Given that Apple has denied a breach, the account information may have been obtained from a major hacking incident, such as the one that befell Yahoo. iCloud users who have the same username and password that was used for both a hacked site and for iCloud should change their passwords immediately.

Anyone else concerned about the hacking claims should change their password and consider using two-factor authentication to secure their Apple ID credentials. Apple has said that it is "actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved".

Tag: iCloud

Top Rated Comments

RightMACatU Avatar
87 months ago
It's clear from this thread that cyber education is still required ;)
Score: 20 Votes (Like | Disagree)
keysofanxiety Avatar
87 months ago
fall for what, a site linking to apple.com?
Well, you just fell for it. The URL leads to a login website that looks identical to Apple's; except it isn't Apple's. After you've 'signed in', they've just got your details. Simple as that. It's not too difficult to change the URL path in an email while keeping what looks like a legitimate link.

That's how phishing works. It gets smarter and smarter.
Score: 16 Votes (Like | Disagree)
honglong1976 Avatar
87 months ago
Wonder if an email I got this morning is anything to do with this:

From: Apple (email address: neojacks@frankyhazard.com)

Dear Customer,

Your Apple ID (xxxxxxx@xxxxxx) was used to sign in tο iCloud οn an iPhοne 7.

Date and Time: March 24, 2017, 01:53 AM PST
Operating System: iOS 10.0.3

If you have nοt recently signed in tο an iPhοne 7 with your Apple ID and believe sοmeone may have accessed your account, gο tο Apple ID (https://appleid.apple.cοm actual link goes to https://appleid.apple.xn--cm-jbc/) and update your information as sοon as possible.

I don't have an iPhone 7 and I am not on iOS 10.0.3

Wonder how many people fall for this :)
Score: 8 Votes (Like | Disagree)
jsmith189 Avatar
87 months ago
fall for what, a site linking to apple.com?
Right click, copy link.



Attachment Image
Score: 7 Votes (Like | Disagree)
keysofanxiety Avatar
87 months ago
It's clear from this thread that cyber education is still required ;)
Yeah! To those hoping for more tips, I'd recommend going to https://www.cybereducation.com ('//www.youtube.com/watch?v=dQw4w9WgXcQ') for further information.

And it's that easy. Trust nothing and no-one online. Question everything. Ensure every link goes to where you expect it to. Go directly through the URL bar rather than following an email link if you're unsure. Phishing gets more and more elaborate and convincing.
Score: 7 Votes (Like | Disagree)
keysofanxiety Avatar
87 months ago
Educate yourself. There are a ton of resources available at your fingertips. Sick of people making excuses or being dumb. You don't need to walk to a library anymore or enroll in a university to get information.

People should educate themselves on cars and seek help from more than one person since mechanics can take advantage of innocent people.
[doublepost=1490360738][/doublepost]

We got one! Sorry that your account has been compromised. Maybe you'll learn from your mistake in the future.
What's with the lemon juice attitude? Everybody started somewhere. If you spent your energy and efforts trying to help people rather than patronising them or saying "serves you right", you might find it a rewarding experience.

At the absolute least, you'll assist people from falling victim to these phishing attempts.
Score: 6 Votes (Like | Disagree)

Popular Stories

apple card 1

Apple Ending Apple Card Partnership With Goldman Sachs

Tuesday November 28, 2023 3:09 pm PST by
Apple is ending its credit card partnership with Goldman Sachs, according to The Wall Street Journal. Apple plans to stop working with Goldman Sachs in the next 12 to 15 months, and it is not yet clear if Apple has established a new partnership for the Apple Card. Apple and Goldman Sachs will dissolve their entire consumer partnership, including the Apple Card and the Apple Savings account....
iOS 17

Everything New in iOS 17.2 Beta 4

Tuesday November 28, 2023 12:18 pm PST by
Apple is wrapping up development on iOS 17.2, with the update expected to come out in December. While we're getting to the end of the beta testing period, Apple is still tweaking features and adding new functionality. We've rounded up everything new in the fourth beta of iOS 17.2. Default Notification Sound Under Sounds & Haptics, there's a new "Default Alerts" section that allows you to ...
iOS 17

Apple Releases iOS 17.1.2 With Security Fixes

Thursday November 30, 2023 10:12 am PST by
Apple today released iOS 17.1.2 and iPadOS 17.1.2, small updates to the iOS 17 and iPadOS 17 operating systems that Apple introduced in September. iOS 17.1.2 and iPadOS 17.1.2 come a few weeks after the release of iOS 17.1.1, another bug fix update. iOS 17.1.2 and iPadOS 17.1.2 can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update....
Apple 5G Modem Feature Triad

Apple to Discontinue Custom 5G Modem Development, Claim Reports

Wednesday November 29, 2023 4:19 am PST by
Apple is discontinuing in-house modem development after several unsuccessful attempts to perfect its own custom 5G modem chip, according to unconfirmed reports coming out of Asia. According to the operator of news aggregator account "yeux1122" on the Naver blog, supply chain sources related to Apple's 5G modem departments claim that the company's attempts to develop its own modem have...
All New CarPlay Five New Features Article 2

What to Expect From All-New CarPlay, Still Listed as Coming 'Late 2023'

Tuesday November 28, 2023 7:44 am PST by
At WWDC in June 2022, Apple previewed the next generation of CarPlay, promising deeper integration with vehicle functions like A/C and FM radio, support for multiple displays across the dashboard, increased personalization, and more. Apple's website still says the first vehicles with support for the next-generation CarPlay experience will be announced in "late 2023," but it has not shared...
Apple Logo

Apple Discontinued These 5 Products This Year

Monday November 27, 2023 7:03 am PST by
As the end of 2023 nears, now is a good opportunity to look back at some of the devices and accessories that Apple discontinued throughout the year. Apple products discontinued in 2023 include the iPhone 13 mini, 13-inch MacBook Pro, MagSafe Battery Pack, MagSafe Duo Charger, and leather accessories. Also check out our lists of Apple products discontinued in 2022 and 2021. iPhone Mini ...
iOS 17

iOS 17.1.2 Update for iPhone Likely to Be Released This Week

Monday November 27, 2023 8:24 am PST by
Apple will likely release iOS 17.1.2 this week, based on mounting evidence of the software in our website's analytics logs in recent days. As a minor update, iOS 17.1.2 should be focused on bug fixes, but it's unclear exactly which issues might be addressed. Some users have continued to experience Wi-Fi issues on iOS 17.1.1, so perhaps iOS 17.1.2 will include the same fix for Wi-Fi...
iOS 17

28 New Things Your iPhone Can Do in December's iOS 17.2 Update

Friday December 1, 2023 2:57 am PST by
Apple made the first beta of iOS 17.2 available to developers in October. Since then we've seen three more betas, and with each iteration Apple continues to add more new features and changes, many of which users have been anticipating for quite a while. Below, we've listed 28 new things that are coming to your iPhone when the finalized version is publicly released this December. 1. Help...