It’s a real tough to hack into an iPhone or Apple ID and that’s well established. But hackers find a way to do it anyways. On March 21st, a group of hackers going by the name of ‘Turkish Crime Family’ claimed to have access to a large cache of iCloud and other Apple email accounts. The hacker group contacted Vice Blog Motherboard demanding $75,000 in Bitcoin or Ethereum, another form of popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data.
“I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing,” one of the hackers told Motherboard.
They also shared a screenshot of their communication with Apple security team member and it seemed legit. There was a message in which security team member demanded for a sample of data set. In response, hackers uploaded a YouTube video accessing an old women’s iCloud account. As of now, they claim to have access to 559 million Apple emails and iCloud accounts in total and if their demands are not met, all the user data will be wiped out remotely by April 7.
In response to the threat, Apple contacted Motherboard assuring control of the situation and told: “There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.
We’re actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”
Since there was not much evidence proving the claim of hackers, so ZDnet decided to reach out to them. The Turkish Crime Family provided them a small sample of 54 IDs from their alleged 500 million or so. To check the validity of IDs, ZDnet tried contacting people linked with the accounts and found 10 passwords out of 54 were in use at present.
There was nothing common among the 10 verified accounts. The people were using different cellular networks and owned different Apple devices including, iPhones, Macs, iPads. This indicates that the data was not obtained from a particular network and was also not limited to single product line.
Although most of the them used same password for their iCloud account and other services, but there were few who assured that their iCloud password was unique and was not used anywhere else. So, in this case Apple’s statement “obtained from previously compromised third-party services”, might not be completely true.
After all this, one thing is for sure that with the advancement in security measures, hackers too are going a step ahead. It doesn’t matter how the hackers got all those credentials, you should take some measures for your own data security. Anyone with an Apple ID should change their passwords immediately to something that is more secure and complex and enabling two-factor authentication would be a good step. Go ahead and take the measures before something bad happens.
Anup Singh is a professional writer with a bachelors degree in Mechanical Engineering from NIT Durgapur. His love for content writing started 2 years back with writing articles and paper descriptions for college magazine. From then on, he has developed his skills as a technical content writer. He is also a passionate lyricist.