A group of black hat hackers have gained control of over 300 million iCloud accounts and other Apple accounts, at least that is what they are telling Motherboard. The website also quotes one of the hackers saying they actually have access to 559 million accounts not 300 million so their claim is inconsistent to begin with. What’s even more interesting is that these hackers want to extort $75,000 from one of world’s richest companies promising if the money is paid, they will not release the sensitive information on millions of its users.
The hackers call themselves Turkish Crime Family. They claim to be in contact with Apple and have already informed company’s security team about their alleged hack. In email exchanges that were partially shared with Motherboard they got in contact with the Apple Security team, which had asked them to remove one of the videos they have posted about the hack on Youtube. The company also asked the hackers to share a sample of the data set that they have on its users.
While Apple is allegedly exchanging emails with the hackers it has categorically denied to pay the ransom to hackers saying “we do not reward cyber criminals for breaking the law”.
Motherboard notes that hackers might have also contacted other media outlets in a bid to build pressure on Apple, so that the company would succumb to their demands. Hackers are even threatening to reset iCloud accounts and remote wipe Apple devices of users on April 7 if their ransom demands are not meet by Apple.
While this could turn out to be a total hoax it would be interesting to see how this drama unfolds. In the meanwhile we would recommend that you enable two-factor verification on your iCloud accounts and reset its password just to be on the safe side.
Updated: Apple has responded to the media reports about iCloud hacking. The company says no breach of security took place on its server. Here is the full statement given to Fortune by Apple.
“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the spokesperson said. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
