Apple responds to ransom threat, claims it hasn’t been hacked
Apple has responded to a threat from hackers to wipe more than 600 million iCloud accounts, claiming there have not been any breaches.
According to a Motherboard report, the company was threatened by the “Turkish Crime Family” hacking group, which claimed to have gained access to hundreds of millions of iCloud accounts.
The group threatened to remotely wipe users’ devices and reset the iCloud accounts if Apple didn’t pay $75,000 in Bitcoin or Ethereum by April 7.
Related: iPhone 8
Now, Apple has responded to the threat, providing a statement to Fortune which reads: “There have not been any breaches in any of Apple’s systems including iCloud and Apple ID.
“The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
It seems the company is placing the blame for any security breach squarely on third-party services, then – though, at this point, it’s still unclear whether the hackers actually have the information they claim.
Initially, the group was thought to have gained access to 300 million icloud.com, me.com, and mac.com email addresses, but after other hackers allegedly provided more information, that number increased to 627 million.
What’s more, the hackers say 220 million of the accounts have been verified as working, without two-factor authentication being enabled.
None of the allegedly hacked account information has been released at this point, but Motherboard claims to have seen screenshots of emails between the collective and Apple’s security team.
One of the hackers allegedly told the blog: “I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing.”
The group says it will delete its list of logins after Apple pays it $75,000 in either Bitcoin or Ether, or $100,000 worth of iTunes gift cards, according to Motherboard’s original report.
Apple added, in its statement to Fortune, that it is “actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved.
“To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”
If the hackers do indeed have access to accounts, it seems the information would most likely have come from previous data breaches where customers have used the same login details for two services.
Those that have used the same login details for, say, their Yahoo account and iCloud account should change their password immediately.
Let us know what you make of the situation in the comments.