Hackers Demand Ransom for Allegedly Stolen iCloud Data

Hacking

"I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing", said one of the hackers to Motherboard.

Apple has poured cold water on claims that up to 300-million iCloud accounts have been compromised.

According to a report by Motherboard, the cybercriminals identify themselves as the "Turkish Crime Family".

The group said via email that it has had a database of about 519 million iCloud credentials for some time, but did not attempt to sell it until now.

The group claimed to have been in contact with Apple's security team, but the Cupertino company has since come forward with a statement provided to Fortune (via MacRumors) denying that there is a breach with iCloud or Apple IDs.

Paul Calatayud, CTO at security firm FireMon, said anyone who does not use two-factor strong authentication to any account runs the risk of the password being harvested, or guessed.

The group is demanding $75,000 in bitcoin or ethereum, both virtual currencies.

The ransom amount seems surprisingly low, but Apple still isn't interested in paying.

It was revealed that the hackers provided screenshots of alleged email exchanges with Apple, including one where a member of Apple's security team asked if the criminals can provide a sample of the data they have stolen. The group claims that if Apple doesn't pay the $150,000 ransom price, it would remote wipe all of the victims' devices.

From Ashley Madison to Myspace, even Yahoo, it could be any of them and more. That's nowhere near the claimed number of 300 million accounts, but it's possible that the extortionists were exaggerating the number of users affected. The professional networking site, since acquired by Microsoft (msft), was pilfered of information for more than 100 million accounts in 2012, though the extent of the digital heist only came to light past year.

Motherboard also reported they have received videos of the hackers logging into the accounts that are susceptible. Most passwords shown in the video are not complex enough to withstand brute-force attacks.

"The inconsistency in the numbers claims isn't doing them any favors", says Troy Hunt, an Australian data breach expert.

"Breach or not, it will not change the fact that we have provided proof of 200m+ active combos out of a 700m list to multiple media outlets".

Related:

Comments

Latest news

Uber president Jeff Jones quits after just six months
Uber president Jeff Jones is leaving the company after deciding that there have been too many controversies in too little time . Uber said in a statement on Sunday: "We want to thank Jeff for his six months at the company and wish him all the best".

Kurdish-Led Forces of Euphrates Rage Operation Cut off Raqqa-Aleppo Road
The coalition says they've conducted more than 300 airstrikes around Raqqa in the past month. A Pentagon spokesman on Wednesday said the coalition would investigate the alleged strike.

Airbnb Expects African Growth Figures To Double in 2017
China has its own set of successful tech companies, built around cloning platforms of their U.S. counterparts. Airbnb is determined to succeed in China, and a local company name change may just be the way to go.

Sears: 'Substantial doubt' clouds company's future
This ratio also gives some idea of whether you're paying too much for what would be left if the company went bankrupt immediately. But it said its pension agreements may prevent the spin-off of more businesses, potentially leading to a shortfall in funding.

Other news