A hacker group is threatening to wipe user data from iPhones, iPads, Macs and other devices belonging to hundreds of millions of Apple users, if the tech giant doesn’t pay a ransom by April 7.
The so-called “Turkish Crime Family,” which is actually based in London, claims it is in possession of iCloud, and Apple ID and email credentials of more than 300 million users, according to a report first published in tech site Motherboard.
The cybercriminals have demanded $100,000 in iTunes gift cards or $75,000 in the electronic currencies Bitcoin or Ethereum, in exchange for deleting the customer data.
Apple has – thus far – refused to pay the ransom.
“We're actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved,” according to a statement from Apple that was published in Motherboard and other tech outlets.
Tech website ZDNet, one of several outlets to be contacted directly by the hackers, managed to confirm that at least some of the stolen data is real.
“ZDNet obtained a set of 54 credentials from the hacker group for verification,” the article said. “All the 54 accounts were valid, based on a check using the (iCloud) site's password reset function.”
The publication also reached out directly to some of the compromised users.
“(Ten) people in total confirmed that their passwords were accurate, and have now changed them,” the article states. “The same 10 people confirmed that they had used the same password since opening their iCloud accounts.”
Apple products have long been hailed for their superior security and it was not immediately clear how the hackers obtained the data.
“There have not been any breaches in any of Apple's systems including iCloud and Apple ID,” the Apple statement said. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
It’s also impossible to know precisely how many Apple account credentials the hackers actually have.
All 10 of the victims contacted by ZDNet were based in the U.K. and had U.K. phone numbers, the publication said.
Some reports speculated the credentials were likely obtained through a 2012 breach of LinkedIn data, and are now being used to access Apple accounts of customers who maintained the same login information for multiple sites.
But the answer might not be that simple.
“Three people said that their iCloud email address and password were unique to iCloud, and were not used on any other site,” ZDNet reported, “a key anomaly that, if accurate, we can't explain.”
Motherboard, which first reported the story March 21, has also been in communication with the cyber criminals and was provided with evidence, including screenshots of emails purportedly exchanged between the hackers and Apple security employees.
“(We) would like you to know that we do not reward cyber criminals for breaking the law,” read one email from a user with an @apple.com address.
In its statement of recent days, Apple officials advised the public to take proper precautions.
“To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication,” the statement said.
Send tips and news to [email protected].