A group of hackers going by the “Turkish Crime Family” is demanding either $75k worth of Bitcoin or Ethereum, or $100k worth of iTunes gift cards for the return of millions of iCloud accounts hacked within the past few years.
Per published reports, if Apple fails to pay the ransom for the hacked iCloud credentials by April 7th, the group will begin remotely wiping data connected with these accounts. This may include erasing data from iPhones and iPads connected to the compromised iCloud accounts as well. According to Motherboard, some 300 million Apple customers could be impacted.
Though Apple has told Fortune that there haven’t “any breaches in any of Apple’s systems including iCloud and Apple ID”, the Turkish Crime Family clarified in a statement issued on Thursday that the data was collated by combing through five years worth of database leaks—those outside of Apple services themselves. Meaning, people at risk are those using the same log-in/password combination on other websites that have been compromised over the past few years (and we know well , that is an extensive list)
Indeed, when provided a sample list of compromised accounts, ZDNet was able to confirm 54 of the 54 accounts given, using Apple’s password reset tool. Worth noting, however: only 10 passwords of these 54 accounts were able to be verified. Still, that leaves a significant number of potential iCloud accounts hacked exposed to becoming wiped, should Apple not pay the ransom in two weeks.
Apple is apparently working with authorities to prevent any unauthorized access to iCloud accounts due to this hack. Stay tuned for further updates as they occur.