Hackers Demand Ransom for Allegedly Stolen iCloud Data

As many as 560 million iCloud and Apple Mail accounts could be erased on April 7

"I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing", said one of the hackers to Motherboard.

Apple has poured cold water on claims that up to 300-million iCloud accounts have been compromised.

According to a report by Motherboard, the cybercriminals identify themselves as the "Turkish Crime Family".

The group said via email that it has had a database of about 519 million iCloud credentials for some time, but did not attempt to sell it until now.

The group claimed to have been in contact with Apple's security team, but the Cupertino company has since come forward with a statement provided to Fortune (via MacRumors) denying that there is a breach with iCloud or Apple IDs.

Paul Calatayud, CTO at security firm FireMon, said anyone who does not use two-factor strong authentication to any account runs the risk of the password being harvested, or guessed.

The group is demanding $75,000 in bitcoin or ethereum, both virtual currencies.

The ransom amount seems surprisingly low, but Apple still isn't interested in paying.

It was revealed that the hackers provided screenshots of alleged email exchanges with Apple, including one where a member of Apple's security team asked if the criminals can provide a sample of the data they have stolen. The group claims that if Apple doesn't pay the $150,000 ransom price, it would remote wipe all of the victims' devices.

From Ashley Madison to Myspace, even Yahoo, it could be any of them and more. That's nowhere near the claimed number of 300 million accounts, but it's possible that the extortionists were exaggerating the number of users affected. The professional networking site, since acquired by Microsoft (msft), was pilfered of information for more than 100 million accounts in 2012, though the extent of the digital heist only came to light past year.

Motherboard also reported they have received videos of the hackers logging into the accounts that are susceptible. Most passwords shown in the video are not complex enough to withstand brute-force attacks.

"The inconsistency in the numbers claims isn't doing them any favors", says Troy Hunt, an Australian data breach expert.

"Breach or not, it will not change the fact that we have provided proof of 200m+ active combos out of a 700m list to multiple media outlets".

Related:

Comments

Latest news

Uber president Jeff Jones quits after just six months
Uber president Jeff Jones is leaving the company after deciding that there have been too many controversies in too little time . Uber said in a statement on Sunday: "We want to thank Jeff for his six months at the company and wish him all the best".

Kurdish-Led Forces of Euphrates Rage Operation Cut off Raqqa-Aleppo Road
The coalition says they've conducted more than 300 airstrikes around Raqqa in the past month. A Pentagon spokesman on Wednesday said the coalition would investigate the alleged strike.

Villanova loss, ACC flameout reshape NCAA Sweet 16 bracket
But this is a team that struggled to put away Northern Kentucky then had to fight tooth and nail to dispose of Wichita State. Baylor will have to stop Thornwell and limit high percentage looks to have any chance of toppling a hot SC offense.

Trump feels 'somewhat' vindicated after surveillance briefing
Corn was one of the reporters huddling about Nunes after the hearing when the names of the two Trump supporters surfaced. Schiff added "it certainly does not suggest - in any way - that the president was wiretapped by his predecessor".

Other news