A group of hackers calling themselves the “Turkish Crime Family” are trying to extort money out of Apple. The group claims to have access to at least 250 million accounts, and will begin to wipe devices in their demands are not met.
The London based group had originally asked for 75,000 Bitcoin, or $100,000 (about RM430,000) in iTunes gift cards. ZDnet has reported that the demands have changed since the hackers initially contacted the media.
According to the reports, the hackers plan to use the access to the iCloud to remotely wipe iPhones or at the very least have them locked using the Find My iPhone feature. It’s uncertain if the group really has access to as many accounts as it claims; as they provided conflicting numbers to Motherboard.
That said, ZDnet has verified that at least a handful of the accounts contain valid username/password combinations. Essentially, this means that the threat cannot be totally dismissed.
On the other hand, Apple says that there are no compromised accounts. According to the company:
“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.
We’re actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”
The deadline for the ransom is 7 April, which means there is time for Apple to quietly look into the problem. In any case, it would be a good idea for Apple users to reset their passwords and enable two-stage authentication. If only as good security practices.