Skip to main content
  1. Home
  2. Mobile
  3. News

Hackers demand Apple pay up or millions of iCloud accounts will be wiped

New report verifies some iCloud credentials stolen by hacking group targeting Apple

Christian de Looper
By

Typing on a MacBook.
Fabian Irsara/Unsplash
A group of hackers is allegedly trying to extort Apple by holding its customers’ data for ransom and threatening to remotely wipe iCloud accounts connected to both iPhones and iPads if those ransoms are not paid.

The group self-identifies as the “Turkish Crime Family,” and it is demanding either $75,000 in Ethereum or Bitcoin or $100,000 in iTunes gift cards, according to a report from Motherboard. The hackers gave Apple an April 7 deadline to meet the demands — or else they will start wiping both phones and iCloud accounts.

Related Videos

But is this all legit? New reports indicate so. The hacking group provided tech publication ZDNet with a sample set of the iCloud credentials, and ZDNet was subsequently able to verify the information. How? Well, it used Apple’s password reset tool to verify 54 accounts belonging to U.K.-based iCloud customers.

It’s important to note that while all 54 accounts were valid, ZDNet was only able to verify the actual passwords of 10 people. As part of the verification process, the reporters reached out to all of the victims, and at least one of them noted that their password was changed around two years ago, so the breach could be at least a few years old. Most of the individuals said that they used the same login credentials on other websites — which supports the concept that the group didn’t hack Apple but rather used information from other breaches.

According to Motherboard, one of the hackers claims to have gained access to 300 million Apple email accounts, including those using @icloud and @me domains. Another hacker in the group claimed that the group had access to 559 million accounts in all.

And the group said it’s been in touch with Apple’s security team. A member of the Turkish Crime Family provided screenshots of alleged emails between the group and Apple engineers, as well as a YouTube video of one of the hackers logging into a stolen account.

But a report from The Next Web pokes holes in the group’s claim. At least some of the credentials the Turkish Crime Family provided to the publication “[weren’t] functional,” the publication reported on Wednesday, March 22.

And Apple told Fortune that its security team found no evidence of an infiltration. “There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”

In a new statement released Thursday, March 23, the Turkish Crime Family clarified that it collated the collection of iCloud credentials by combing through five years’ worth of compromised databases.

Motherboard notes that the hackers approached multiple media outlets, potentially in an attempt to put pressure on Apple, as hackers sometimes feed information to reporters in order to help extortion efforts.

Apple says it’s working with the authorities to bring the hackers to justice, and it’s likely we haven’t heard the last of this story. We’ll update this article as we hear more.

Article originally published 03-22-2017. Updated on 03-24-2017 by Christian de Looper: Added news that ZDNet verified the information.

Editors' Recommendations

Topics
This EU law could force Apple to open up iMessage and the App Store
Someone holding an iPhone 14 with the display turned on.

The EU's Digital Markets Act (or DMA) has gone into force today. It could force Apple to open up the iPhone's iMessage and app-buying platforms to third-party apps and services. Companies that fall afoul of the act could be fined up to 20% of global turnover. Apple has previously criticized the DMA for being a "blunt instrument."

The DMA aims to allow smaller services to compete more equitably with larger ones. This means that companies with a certain number of users, labeled as gatekeepers, would have to make their platforms interoperable with smaller ones. Large platforms like Facebook or iMessage, for example, would be required to open up, while something like Signal could scrape by.

Read more
iOS 16’s biggest Apple Pay feature might be delayed until 2023
Apple Pay Later feature being displayed on four iphones all lined up in a row. The displays of the phones showcase the different payment dates and lock screen notifications that will come with the feature.

Nearly four months after its showcase at WWDC 2022, Apple Pay Later has already started living up to its name as Apple has reportedly decided to delay its official debut until 2023.

Bloomberg's Mark Gurman wrote in his Power On newsletter (via 9to5Mac) that the reason Apple Pay Later may get delayed until early next year is that it was one of the features that didn't make it in the initial iOS 16 update upon its September 12 launch, despite Apple promising it would be part of it during the WWDC 2022 conference. Gurman also points out that Apple did not disclose an exact time frame for the feature's release, nor did it give any updates at its Far Out event more than two weeks ago.

Read more
Court orders Apple to pay buyer for missing iPhone charger
iphone 11 charger in box

A regional court in Brazil has ordered Apple to compensate an iPhone buyer following a complaint about not getting a charger in the retail box. As per the court's ruling, Apple will have to pay a sum of 5,000 Brazilian real, which translates to approximately $1,080 based on the current conversion rates, to the affected iPhone buyer.

The company will also add a 1% fee for each month since the court summons began, and a fine of approximately $21 for each day's worth of delay in following the orders. And yeah, Apple will also provide a charger to the customer.

Read more