Hackers threaten to wipe millions of iPhones and iCloud accounts if Apple doesn’t pay up by April 7th

“A hacker or group of hackers is apparently trying to extort Apple over alleged access to a large cache of iCloud and other Apple email accounts,” Joseph Cox reports for Motherboard. “The hackers, who identified themselves as ‘Turkish Crime Family’, demanded $75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data.”

“The hackers provided screenshots of alleged emails between the group and members of Apple’s security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple,” Cox reports. “‘Are you willing to share a sample of the data set?’ an unnamed member of Apple’s security team wrote to the hackers a week ago, according to one of the emails stored in the account.”

“Now, the hackers are threatening to reset a number of the iCloud accounts and remotely wipe victims’ Apple devices on April 7, unless Apple pays the requested amount,” Cox reports. “According to one of the emails in the accessed account, the hackers claim to have access to over 300 million Apple email accounts, including those that use @icloud and @me domains. However, the hackers appear to be inconsistent in their story; one of the hackers then claimed they had 559 million accounts in all.”

Read more in the full article here.

“‘I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing,’ one of the hackers told [Motherboard],” Hyacinth Mascarenhas reports for International Business Times. “To prove their claims, members of the hacking group reportedly provided Motherboard with screenshots of alleged emails between the group and Apple’s security team and access to an email account reportedly used to communicate with the Cupertino company.”

“The group is also said to have given the site a video, uploaded to YouTube, allegedly showing them browsing through a number of stolen iCloud accounts,” Mascarenhas reports. “According to the emails allegedly exchanged between Turkish Crime Family and Apple, a member of the company’s security team asked them to take down the YouTube video ‘as it’s seeking unwanted attention’ and said they ‘do not reward cyber criminals for breaking the law.’ The team member also warned that archived communications with the group would be sent to the authorities.”

“Members of the group were also reportedly inconsistent about their claim with one of the hackers claiming they had 559 million accounts,” Mascarenhas reports. “The Turkish Crime Family Twitter account, however, claims 200 million iCloud accounts will be affected in the April cyberattack.”

Read more in the full article here.

MacDailyNews Take: If true, somebody should tell these jokers that crime doesn’t pay*.

*Unless you’re Google or Samsung.

[Thanks to MacDailyNews Readers “Fred Mertz” and “Tom R.” for the heads up.]

36 Comments

      1. You respond positively to a moronic comment because it supports your world view.

        Nothing exposes a lack of rationality more than the ready approval of dumb comments based on their empty identity politics.

    1. Without any lack of logic of subtlety. Any group, “liberal”, “conservative”, etc., is full of morons and moronic ideas. Real problem solving doesn’t need or have a team name. Nor is any ideology complete, reality is messy.

      On a more practical note, Apple could offer to pay for the details of the hackers’ exploit, once it was shared and Apple locked down the accounts. Everyone wins.

    2. You define this as a liberal trait? The Gordon Gekko attitude, I assure you, knows no political boundaries. And moreover, your political commentary isn’t applicable to this situation. If you think that Middle Eastern thugs are “liberal”, you are truly uninformed.

        1. No, Paul did not. Thelonius made the false equivalency that liberals are extortionists.

          That is odd considering that the vast majority of accumulated wealth is hoarded by extremely conservative corporate leaders. Apple is an exception, oddly enough. Apple is socially liberal and fiscally self-serving.

          1. I think his comment is entirely appropriate.
            Like criminals, liberals think they are entitled to other people’s money.
            Also: The vast majority of accumulated wealth is hoarded by extremely LIBERAL corporate leaders. Brin, Cook, Bezos, Nadella, Page, Branson, Zuckerberg, etc, etc….

    3. Funny, I was thinking about how it sounded like the demands for corporate welfare from almost every big business in the world- give us tax breaks or infrastructure for free or we will not come. They shake down every state, county and city for the last nickel they can extort.

      Some states are even rebating collected Payroll Taxes to businesses- otherwise collecting state taxes from employees and then handing back over to the employers. That is the world we live in.

    1. Called AppleCare last night. They were not aware of any known issues.

      Also, the demands sound stupid. $750,000 in bitcoin or $10,000 in iTunes cards…

      Cards?? those are traceable. Sure they could sell them for 50% off, but the first time someone tries to cash one, the track leads right back to the user…. “Who did you buy this from??”

      Just saying.

  1. The hackers are probably Russians. Since Trump has worked with them, I wonder if he could call them up and negotiate a deal? Like maybe free health insurance for life, or a discount on the membership fees at Mar-a-Lago?

  2. I imagine how many people will wrongfully think it is an Apple fault. I am 99.9% certain this attack is similar to previous “celeb picture case”. The easy way to protect yourself is to turn on 2 factor authentication and not use duplicate passwords EVER.
    So many sites are hacked lately and people who do not follow the simple advice I just gave are really screwing themselves.

    1. √ Correct. There has been a recent bombardment of Phishing email targeted at Apple users attempting to fool them into giving up their account ID and password. I received attacks via both cell phone messaging and email.

      Social engineering is sadly a success. Sometimes I think the insulting term ‘LUSER’ isn’t insulting enough for the suckers who fall for this garbage. Then again, I’m constantly reminded that having tech skills is a relatively rare trait and that modern technology is always going to fly over the heads of average users. That’s part of the diversity of life, not a problem as long as we techies are willing to help out those that don’t/can’t understand.

      1. Maybe the X00 million account creds came from yahoo and ilk. Recently I saw how using a combo of bruteforce and dictionary/rules attack, you can crack pretty much 60% to 70% of the passwords in short order. Who knows if Russia has come up with a quantum computer that allows for brute force – or the US for that matter – regardless of what password+hash we come up with.

        Simply passwords are done. Passé

        1. Good point. The eternally reused password continues to be a big problem. Using it one place that’s hacked as well as another means the hackers are going to try to use that password elsewhere and break in.

          Yes, the password attack libraries are now huge with not only dictionary words, but 1337 versions of the entire dictionary as well as phrases and equivalents thereof, etc.

          The conclusion is that if a password is short enough and is reasonably memorable, you’re going to get PWNed. I now use very long (as long as sites will allow) passwords with random characters (as many different characters as sites will allow). I store them in two places:

          1) A secure password management program. (I use 1Password. LastPass is also excellent).
          2) In a text file I store inside a highly encrypted sparse bundle disk image, where I store my other critical personal files. (I backup this encrypted disk image on DropBox, knowing they can never, ever crack into it on their end, ha ha ha).

          I use both of these methods as it provides redundancy if one or the other drops dead AND it helps cover-my-ass if I forget to put everything in one or the other, as is my wont when I’m caffeine starved.

          As for quantum computers, they still have to prove themselves. But it’s now and always a great idea to use long, random passwords from here on out. When using encryption, use the highest end currently available.

          Nope, not gonna be simple/easy.

    2. If it is simply a data download like the ‘celeb picture case’, the data is already stolen and nothing can really be done after the fact. If however they actually have access to accounts and can remove them altogether, it is a totally different animal. And at the scale that is being discussed I doubt Apple iCloud security is totally clear of fault.

  3. All the more reason to NOT DEPEND on the CLOUD. It seems that Apple is INSISTENT that users migrate to the cloud, AS IF everyone has access to the internet at high speeds all the time, as if it is as secure as an HD. That is myopic arrogance. Not everyone lives/works where fast internet is available.

    1. As ‘the guy from eastern europe’ and I point out above, the problem is NOT the technology (as long as it is done securely). The problem is that people fall for social engineering such as phishing and the download/install of Trojan horses. It’s an issue that is entirely separate from actual cloud/software security.

  4. I’m surprised that the crooks asked for so little. That would suggest that it is fake.
    To be on the safe side, I’m downloading my documents folder that got put into the cloud. My phone was backed up with encryption recently so that is covered.

  5. I believe that there might be multiple copies of user account data stored at different locations, just in case such incidents happen or in case server is destroyed by fire or other accidents.

    1. I can see Apple taking precautions to keep more than one site for the same data to recover from the situations you describe. But if someone has access to an account and erases/damages it, I would think that action would affect all copies being kept by Apple.

  6. Interesting. A few days ago I got a notification on my phone saying someone in China was logging into my account. Thank God I had two-factor authentication and blocked it. Somehow they got my password but Apple’s high security saved the day. I wonder if the two are related.

  7. If so it only reaffirms my basic mistrust of using Cloud services. Boy is this a tiresome hacking headline! Anything online is subject to attack and loss of privacy. What a sad world and those wretched souls without a conscience who would prey for dishonest monetary gain. Technology WILL be the death of us all, in one form or another. Only a matter of time.

  8. I do not see how this “Turkish Crime Family,” even if they had the Apple IDs of 200 million or 559 million Apple user accounts, could wipe these Apple devices en masse. Apple does not have the actual passcodes for the devices. . . nor does Apple have the AppleID passcodes in a form that would be useable for the Crime Family to apply to the devices.

    On the other hand, it may be a good idea to change our AppleID passcodes. If these hackers have grabbed a copy of Apple’s database, then it was done in the past and Apple will lock it down now, changing protocols for access. Changing your passcode before April 7th seems a wise precaution to prevent the off chance they do have access to your data and device.

    1. Thinking like a black hat, it could just be a ploy to get people interested in changing their non-violated password/account access and somehow gain the same via a ‘fake’ password/account change App or site. In actuality very few accounts may have been hacked to give the appearance of being a serious incident.

      1. I agree. This just screams amateur hour. I am not too worried about it. I have Two-Factor activated and Apple has plenty of time to change their access protocols for anyone who has sufficient access to wipe everything for everyone.
