Hackers demand Apple pay up or millions of iCloud accounts will be wiped

New report verifies some iCloud credentials stolen by hacking group targeting Apple

microsoft bug bounty slow ring insider hacking hacker hack lifestyle macbook keyboard
Fabian Irsara/Unsplash
A group of hackers is allegedly trying to extort Apple by holding its customers’ data for ransom and threatening to remotely wipe iCloud accounts connected to both iPhones and iPads if those ransoms are not paid.

The group self-identifies as the “Turkish Crime Family,” and it is demanding either $75,000 in Ethereum or Bitcoin or $100,000 in iTunes gift cards, according to a report from Motherboard. The hackers gave Apple an April 7 deadline to meet the demands — or else they will start wiping both phones and iCloud accounts.

But is this all legit? New reports indicate so. The hacking group provided tech publication ZDNet with a sample set of the iCloud credentials, and ZDNet was subsequently able to verify the information. How? Well, it used Apple’s password reset tool to verify 54 accounts belonging to U.K.-based iCloud customers.

It’s important to note that while all 54 accounts were valid, ZDNet was only able to verify the actual passwords of 10 people. As part of the verification process, the reporters reached out to all of the victims, and at least one of them noted that their password was changed around two years ago, so the breach could be at least a few years old. Most of the individuals said that they used the same login credentials on other websites — which supports the concept that the group didn’t hack Apple but rather used information from other breaches.

According to Motherboard, one of the hackers claims to have gained access to 300 million Apple email accounts, including those using @icloud and @me domains. Another hacker in the group claimed that the group had access to 559 million accounts in all.

And the group said it’s been in touch with Apple’s security team. A member of the Turkish Crime Family provided screenshots of alleged emails between the group and Apple engineers, as well as a YouTube video of one of the hackers logging into a stolen account.

But a report from The Next Web pokes holes in the group’s claim. At least some of the credentials the Turkish Crime Family provided to the publication “[weren’t] functional,” the publication reported on Wednesday, March 22.

And Apple told Fortune that its security team found no evidence of an infiltration. “There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”

In a new statement released Thursday, March 23, the Turkish Crime Family clarified that it collated the collection of iCloud credentials by combing through five years’ worth of compromised databases.

Motherboard notes that the hackers approached multiple media outlets, potentially in an attempt to put pressure on Apple, as hackers sometimes feed information to reporters in order to help extortion efforts.

Apple says it’s working with the authorities to bring the hackers to justice, and it’s likely we haven’t heard the last of this story. We’ll update this article as we hear more.

Article originally published 03-22-2017. Updated on 03-24-2017 by Christian de Looper: Added news that ZDNet verified the information.

Emerging Tech

Awesome Tech You Can’t Buy Yet: A.I.-powered cat toys, wallets, food containers

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Computing

Apple CEO demands Bloomberg retract its Chinese surveillance story

Apple CEO Tim Cook is calling on Bloomberg to retract a story alleging that Apple had purchased compromised servers that allowed the Chinese government to spy on Apple. Apple's investigation found no truth to the story.
Cars

Forget transponders with Peasy’s nationwide pay-as-you-go toll service

Verra Mobility launched Peasy, a consumer highway and bridge toll payment service. Designed to be less hassle than managing traditional transponder or toll tag accounts, Peasy pays tolls as they are levied across most of the U.S.
Social Media

Tumblr promises it fixed a bug that left user data exposed

A bug on blogging site Tumblr left user data exposed. The company says that once it learned of the flaw, it acted quickly to fix it, adding that it's confident no data linked to its users' accounts was stolen.
Social Media

Over selfies and an onslaught of ads? Here's how delete your Instagram account

Despite its outstanding popularity and photo-sharing dominance, Instagram isn't for everyone. Thankfully, deleting your account is as easy as logging into the site and clicking a few buttons. Here's what you need to do.
Product Review

It's got game. But the Razer Phone 2 is still crippled by its camera

The Razer Phone 2 will impress with its gaming prowess and 120Hz screen. But if you care at all about taking pictures on your phone, skip it. While Razer has improved the camera, it’s still short of the competition.
Mobile

Google’s new floating keyboard is so helpful, it’ll put you on cloud nine

Bezel-less smartphones look great, but typing isn't always so good, as grip can be more of a challenge. That's where Google's Gboard keyboard comes into play. It now has a floating keyboard feature to help out.
Mobile

Insane 5G Xiaomi Mi Mix 3 boasts a retro slide-up camera

Xiaomi will announce the Mi Mix 3 smartphone on October 25, and according to the company's spokesperson, it will be capable of connecting at 5G speeds and feature 10GB of RAM -- two world firsts.
Mobile

Declutter your life with our favorite wireless chargers for Android and iPhones

We checked out the best wireless phone chargers to make tangles and uncooperative ports a thing of the past. Whether you have an iPhone or Android, find out which wireless charging pads are worth buying, and how their features compare.
Deals

Save up to $900 with the best smartphone deals for October 2018

Need a better phone but don't want to spend a fortune? It's never a bad time to score a new smartphone and save some cash. We rounded up the best smartphone deals available that can save you as much as $900.
Mobile

Huawei confirms it won't be selling the Mate 20 series in the U.S.

Huawei has released the Mate 20, Mate 20 Pro, and Mate 20 X. With all-new Kirin processors, advanced A.I. brains, and an amazing triple camera, here's absolutely everything you need to know about the new Mate 20 series.
Photography

8 weird, useful camera accessories for your iPhone or Android

With the rise of smartphone cameras comes an explosion of accessories aimed at enhancing your photography skills. Here, we take a look at a few, from add-on grips to entire camera units designed specifically to work with iOS devices.
Mobile

eBay’s new Instant Selling program turns old smartphones into new money

With eBay's new Instant Selling program, selling your smartphone just got easier. Immediately after listing your device, you'll receive a voucher that can be used toward the purchase of a new phone through the site.
Mobile

Razer Phone 2 vs. Red Magic Phone vs. Honor Play: Which gaming phone is best?

Mobile gaming is serious business nowadays. But which high-powered gaming phone is best for you? We pitted the Razer Phone 2 against the Red Magic Phone and the Honor Play to find out which of the three deserves your attention.