On Wednesday a hacker group calling itself the Turkish Crime Family claimed to have hacked 200 million Apple iCloud accounts, and they threatened to remotely wipe out the purloined accounts if the tech giant refused to pay up a ransom for the release.
The hack group told Motherboard that they have exchanged emails with Apple’s security team. According to the screenshot of a message allegedly from Apple provided by the hackers, the company responded to the extortion that it would not “reward cyber criminal for breaking the law”. Later a person with knowledge of Apple’s security operations told Business Insider that the email is fake.
Soon afterwards Apple made the following statement: “There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services…We’re actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved. ” The company also warmed its customers to always use strong passwords (not the same passwords across sites) and to turn on two-factor authentication for protecting their Apple accounts against these types of attacks.
Despite Apple’s statement, the hack group still asserted to reset the devices that are using the hacked accounts to factory defaults, unless Apple pay the ransom by April 7. The ransom was said to be over $75,000 (in either the Bitcoin or Ethereum cryptocurrencies), or nearly $100,000 worth of iTunes gift cards. The hackers also claimed to strengthen infrastructure and acquire more servers for the date of April 7.
For now there is no clear evidence showing that the group’s claims are true. Apple has not confirm the authenticity of purloined accounts. It is still possible that some Apple users’ password might have been acquired by the group, considering recent years’ information leak from several large breaches including Yahoo and LinkedIn. If you are using the same password or email for multiple services, you’d better change your Apple ID password right now, and don’t forget to turn on two-factor authentication.
What’s your opinion about the hacker group’s claim and extortion? Have you check out the security of your Apple account yet? Please share your idea with us here.