A shady group of hackers called The Turkish Crime Family claims to have gained access to 300 million Apple email accounts, meaning they can mess with all the data in all the associated iCloud accounts. That includes, they say, the power to remotely wipe iPhones. The boast is that they can reset at least 200 million iPhones to their factory defaults. (The exact numbers are sketchy. Still…)
Oh, they’ll return the information–if Apple pays a ransom by April 7.
The TCF is demanding $75,000 in crypto-currency (Bitcoin is preferred, but Ethereum is also fine) or–get this–$100,000 worth of iTunes gift cards.
Although Apple hasn’t commented–they never do in situations like this–screenshots and a video have been provided to at least one site. This is from Motherboard.
The hackers provided screenshots of alleged emails between the group and members of Apple’s security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple.
“Are you willing to share a sample of the data set?” an unnamed member of Apple’s security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the @apple.com domain).
The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts. The hacker appears to access an elderly woman’s iCloud account, which includes backed-up photos, and the ability to remotely wipe the device.
“We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it’s seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law,” a message allegedly from a member of Apple’s security team reads. (Motherboard only saw a screenshot of this message, and not the original). The alleged Apple team member then says archived communications with the hacker will be sent to the authorities.
True? False? Idle boast? Might want to keep an eye on your @iCloud and @me accounts, just in case.