A group known as the Turkish Crime Family says they have successfully stolen iCloud credentials but want Apple to pay it $75,000 in Bitcoin. They however also said according to a Motherboard report that they could settle for $100,000 in iTunes gift cards. The hackers however said they have shared a screenshot of the stolen accounts with a member of the Apple security team and have since made a video on YouTube showing that they indeed have some iCloud records.
The Apple security team has reportedly asked them to take down the video saying “We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it’s seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law,” but this hasn’t deterred the hackers who have threatened to start resetting a number of the iCloud accounts and remotely wipe victim’s Apple devices on April 7, unless Apple pays the requested amount.
Now this was two days ago.
Today though, Apple denied that all of that was true and said it was all blackmail. But to counter Apple’s claim, the group has sent a number of news outlets screenshots and one of them is The Next Web (TNW) which says it has been able to confirm is at least partially authentic – though not all leaked credentials seem to be functional. The TNW report says the “Turkish Crime Family additionally noted that all previous communication with Apple and Motherboard has been led by a member that has since been removed from the crew for “inaccuracy” and “lack of professionalism.” The group now claims all conversations with Apple have been kept private, rejecting the authenticity of Motherboard’s report.”
Apple though has since said its 600 million email and iCloud accounts are intact and according to its security team shows no sign of any breach. Speaking to Fortune, Apple said “There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the spokesperson said. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
But let’s assume for now that the hackers don’t have access to those accounts but have something at least that can compromise accounts and to that Apple says they are “actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”
But if there is anything we learned from the Yahoo breach, it is that hackers can indeed breach a company’s server only for you to find out two years later as in the Yahoo case. Just saying