Earlier this week, a group of hackers claimed to have access to more than 600 million iCloud accounts, and threatened to reset the accounts and remotely wipe victim’s devices if Apple failed to pay a $150,000 ransom demand by April 7.
Apple responded to the hackers threats, telling Fortune that there have been no breaches of its systems. Apple suggested if the hackers do indeed have access to iCloud account information, it was obtained from previously breached third-party services:
There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the spokesperson said. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.
Original iCloud Ransom was $75,000
A Tuesday report from Motherboard said a hacker group, known as the “Turkish Crime Family” claims to have access to hundreds of millions of iCloud accounts. The group has threatened to reset all of the iCloud accounts and remotely wipe the connected Apple devices, if Apple doesn’t pay $150,000 via Bitcoin or Ethereum cryptocurrency by April 7. (Initially the group asked Apple for $75,000 via Bitcoin or Ethereum. The group says it will increase it further if Apple doesn’t pay in three days.)
The group was originally believed to have access to 300 million hacked iCloud accounts, but that number allegedly later increased to more than 600 million accounts when other hackers stepped forward to provide the account information they had obtained.
The hackers claim at least 220 million of the login username/password pairs are verified to work. The accounts are also said not to be protected by two-factor authentication. Apple denies its systems have been breached, and instead says the information might have been obtained from known hacks, such as the Yahoo breaches.
Users who were affected by the Yahoo or other data breaches may have used the same login information on iCloud and the hacked sites. Apple recommends iCloud users choose strong passwords, use different passwords for each website, and turn on two-factor authentication to protect their accounts.
An Apple spokesperson said that Apple is “actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”