Hackers demand Apple pay up or millions of iCloud accounts will be wiped

New report verifies some iCloud credentials stolen by hacking group targeting Apple

microsoft bug bounty slow ring insider hacking hacker hack lifestyle macbook keyboard
Fabian Irsara/Unsplash
A group of hackers is allegedly trying to extort Apple by holding its customers’ data for ransom and threatening to remotely wipe iCloud accounts connected to both iPhones and iPads if those ransoms are not paid.

The group self-identifies as the “Turkish Crime Family,” and it is demanding either $75,000 in Ethereum or Bitcoin or $100,000 in iTunes gift cards, according to a report from Motherboard. The hackers gave Apple an April 7 deadline to meet the demands — or else they will start wiping both phones and iCloud accounts.

But is this all legit? New reports indicate so. The hacking group provided tech publication ZDNet with a sample set of the iCloud credentials, and ZDNet was subsequently able to verify the information. How? Well, it used Apple’s password reset tool to verify 54 accounts belonging to U.K.-based iCloud customers.

It’s important to note that while all 54 accounts were valid, ZDNet was only able to verify the actual passwords of 10 people. As part of the verification process, the reporters reached out to all of the victims, and at least one of them noted that their password was changed around two years ago, so the breach could be at least a few years old. Most of the individuals said that they used the same login credentials on other websites — which supports the concept that the group didn’t hack Apple but rather used information from other breaches.

According to Motherboard, one of the hackers claims to have gained access to 300 million Apple email accounts, including those using @icloud and @me domains. Another hacker in the group claimed that the group had access to 559 million accounts in all.

And the group said it’s been in touch with Apple’s security team. A member of the Turkish Crime Family provided screenshots of alleged emails between the group and Apple engineers, as well as a YouTube video of one of the hackers logging into a stolen account.

But a report from The Next Web pokes holes in the group’s claim. At least some of the credentials the Turkish Crime Family provided to the publication “[weren’t] functional,” the publication reported on Wednesday, March 22.

And Apple told Fortune that its security team found no evidence of an infiltration. “There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”

In a new statement released Thursday, March 23, the Turkish Crime Family clarified that it collated the collection of iCloud credentials by combing through five years’ worth of compromised databases.

Motherboard notes that the hackers approached multiple media outlets, potentially in an attempt to put pressure on Apple, as hackers sometimes feed information to reporters in order to help extortion efforts.

Apple says it’s working with the authorities to bring the hackers to justice, and it’s likely we haven’t heard the last of this story. We’ll update this article as we hear more.

Article originally published 03-22-2017. Updated on 03-24-2017 by Christian de Looper: Added news that ZDNet verified the information.

Mobile

An unknown number of Sprint customers had their personal info stolen by hackers

Hackers stole an unknown number of Sprint users' data after breaching the Samsung.com “add a line” website, according to a letter Sprint sent to impacted customers. Names, addresses and other personal information was all taken in the…
Computing

TrickBot returns with new attack that compromised 250 million email addresses

TrickBot returns with a new attack that teams up the malware with a module dubbed TrickBooster. An investigation into TrickBooster's servers discovered a database with 250 million compromised email accounts.
News

A new phishing scam targets Amazon users just in time for Prime Day

Security researchers at McAfee say that hackers have released a do-it-yourself kit that allows people to easily put together phishing scams targeting Amazon users -- just in time for Prime Day.
Mobile

Crossing over from iOS to Android? Find out everything you need to know here

If you've decided to bridge the great tech divide and leave Apple's walled garden for the unknown shores of Android, then you'll find all the tips and advice you need to begin switching from an iPhone to an Android device.
Mobile

Nomad's new Kevlar-reinforced cable range is now available for purchase

Nomad has just released an update to its super-tough Kevlar range of cables to include a new USB-C to Lightning cable and a blisteringly fast 100W USB-C cable. They're expensive, but they're the toughest cables you'll find.
Mobile

Xfinity Mobile customers can now bring their own Android device to the carrier

Xfinity Mobile, a mobile carrier for Xfinity internet customers, is adding the Samsung Galaxy S9, S9 Plus, S8, S8 Plus, Note 9 and Note 8 to its BYOD program. Customers porting a number on a new line are eligible for a $100 Visa card.
Deals

The best Prime Day smartphone deals: Samsung, Motorola, Google, and more

Amazon Prime Day 2019 is here, and there are a ton of great deals on smartphones worth looking into. Whether you're looking for a new iPhone or an Android device, there should be a Prime Day 2019 deal for you.
Deals

Apple Watch Series 4 smartwatch now just $360 in Amazon Prime Day deal

Amazon Prime Day is a fine time to buy a new smartwatch. The Apple Watch Series 4 is the cream of the smartwatch crop, and now in an Amazon Prime Day deal, the 44mm model can be yours for just $354, down from its original $429.
Deals

The futuristic Samsung Galaxy S10 5G just got a price cut on Best Buy

Amazon Prime Day 2019 is finally here, bringing with it some of the best smartphone deals you're likely to see all year. In particular, there are some amazing deals on Samsung Galaxy phones, including the much-loved Samsung Galaxy S10.
Apple

Missed out on Amazon’s Prime Day Apple Watch deal? Walmart has you covered

Amazon's deal on the Apple Watch was pretty good, but it sold out within the first 24 hours of Prime Day. As an alternative, we'd suggest you shop Walmart, which has the Apple Watch Series 3 available for $80 off its normal price.
Mobile

Having issues with iOS 12? These fixes will help you get back on track

Apple's iOS 12 has a lot going for it, but it's not perfect and several issues have cropped to annoy people. Here are some of the most common iOS 12 problems we've heard about, with some advice on how to fix them or work around them.
Deals

Amazon cuts up to 40% off on Moto G and Z smartphones on Prime Day

Today at Prime Day, Amazon is exclusively offering selected items on the Moto G and Z family at a discounted price of up to 40%. Take this chance and check them out as we’ve gathered them all here.
Product Review

Samsung's $99 fitness tracker takes on Fitbit. Can it keep pace?

Samsung’s going toe-to-toe against Fitbit’s Inspire HR with its own $99 fitness tracker -- the Galaxy Fit. It also has a heart rate monitor, can automatically detect six workouts, and has a battery that can last for days.
Deals

There’s still time for Prime Day iPad deals, even without a Prime membership

Prime Day ends soon but there’s still time to score before the clock runs out. Shoppers looking for a new tablet should strike while the iron's still hot, and this might be your last chance before to snag an iPad deals before summer's…