HACKERS who claim to have control of at least 200 million iCloud accounts have issued a public demand to Apple: pay ransom or we wipe them all.
The hacking group calling itself the Turkish Crime Family has provided video evidence of its claims to the tech site Motherboard, with a demand to Apple that it pay the ransom or face the consequences.
The hackers have listed the price of the ransom as either US$75,000 ransom in Bitcoin or US$100,000 in iTunes gift cards.
While the demands seem both outlandish and alarming, Motherboard confirms it has seen screenshots of emails appearing to be communications between the hackers and Apple’s security team.
200 Million iCloud accounts will be factory reset on April 7 2017
— Turkish Crime Family (@turkcrimefamily) March 21, 2017
The hackers also have shown off video which appears to demonstrate how they can log into the compromised accounts.
Apple has not commented on the report.
Without confirmation from Apple, it is difficult to verify the claims of the hackers.
There are also some discrepancies in their story. One account from the hackers says it has access to 200 million accounts, another says 300 million and a third says 559 million.
The hackers have given Apple an April 7 deadline before it performs a factory reset on the accounts, wiping all of their data.
Tyler Moffitt, senior threat research analyst with Webroot, said the threat illustrates that every company was vulnerable to attack no matter how reputable or confident it was with its security.
“Unless there are adequate backup policies in place, I have no doubt that ransom will be paid, regardless of what Apple publicly claims,” Mr Moffitt said.
“There is a high chance of this data eventually appearing on the dark net.”
Security analysts said Apple users should consider changing their iCloud passwords to prevent unauthorised people having access to their accounts.
Chris Roberts, chief security architect at threat detection and defense solutions firm Acalvio, said consumers should be concerned if the hackers claims were true.
“If, and it’s a big if, they have the data then yes, consumers should be concerned. They need to be ready for another round of password resets and hopefully some two-factor authentication discussions,” Mr Roberst said.
“If, and again it’s an if, they have access to that volume of accounts, they will have already harvested anything good out of them therefore it sucks.
However, once again, data is out in the wild.
“Finally, if this is real, then what the heck is Apple doing with security? And why the heck are they not putting anything official out?”
Pay up or grandma’s photos of her grandkids are toast.
That’s the threat being laid down by a hacker or hackers who claim to have access to as many as 300 million iCloud and Apple email accounts.
The hackers, who call themselves “Turkish Crime Family,” want Apple to pay a ransom of $75,000 to $100,000 in exchange for not deleting the contents of the accounts.
“I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing,” one of the hackers told Motherboard, the Vice Media online magazine.
So far, Apple has told the hackers to take a hike — telling them in an email seen by Motherboard that the Cupertino, Calif., company does not “reward cyber criminals for breaking the law.”
The hackers are threatening to hit delete on April 7.
The group doesn’t want the ransom in good old American greenbacks — perhaps knowing it would be too easy to trace.
They want either $75,000 in bitcoin or ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards.
To prove they actually could carry out such a hack, the group uploaded a YouTube video of them allegedly logging into some of the stolen accounts, Motherboard reported.
The hacker appears to access an elderly woman’s iCloud account, which includes backed-up photos, and the ability to remotely wipe the device.
Apple did not reply to multiple attempts by Motherboard to get comment.