A hacker group identifying itself as the “Turkish Crime Family” is threatening to reset millions of iCloud accounts and wipe iPhones unless a ransom of $75,000 in crypto currency or $100,000 in iTunes gift cards is paid by April 7, Motherboard reports.
But Apple says it hasn’t been hacked.
“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the company said in a statement provided to Fortune. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
“To protect against these types of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication,” the company added.
Linked to LinkedIn
An unnamed person who’s seen the data held by the hackers told Fortune that many of the email addresses and passwords match data from the LinkedIn breach that was disclosed last year.
And John Bambenek, threat systems manager at Fidelis Cybersecurity, said the threat ultimately sounds like a stunt. “There are always people who make unfounded threats to organizations in the hope of an easy payday — in this case, the hackers want $100,000 in iTunes gift cards,” he said.
“Companies must take due diligence but assess the adversary before paying to see if the threat is real,” Bambenek added. “As in the physical world, the odds are that paying a ransom, especially in a public manner, means the threats only increase.”
Still, Lamar Bailey, director of security research and development for Tripwire, pointed out by email that regardless of the source of the data, if the hackers have password access to user accounts, they can wipe iPhones remotely and change user passwords.
“The hackers cannot remove backups for Apple devices from the cloud, but changing the passwords will make it hard for the legitimate users to reset and recover their devices,” Bailey said.
Concerns About iCloud
A recent Clutch survey of 1,001 iPhone users found that 47 percent of respondents said they’re only “slightly” or “not at all” comfortable with storing personal information on iCloud, while 44 percent said they’re “very” or “somewhat” comfortable doing so.
Fifteen percent of respondents said they don’t know what data they’re currently backing up to iCloud, and 34 percent don’t know whether iCloud features are enabled on their iPhone.
“The worst thing in the world would be if someone thought they backed something up, deleted it, and found that it wasn’t on the cloud,” Network Remedy business development manager Aaron Mangal told Clutch.