Hackers Threaten to Wipe Out Millions of iCloud Accounts if Apple doesn’t Pay $75K

1 minute read
| News

A group of hackers are trying to extort Apple with the threat of wiping out thousands of iCloud accounts and remotely resetting iPhones. They say they’ll follow through if Apple doesn’t pay up US$75,000 in Bitcoin or Ethereum by April 7th.

Hackers demand $75,000 from Apple as extortion with threat to wipe out millions of iCloud accounts

Hackers trying to extort Apple with threat of wiping out iCloud accounts

The hackers are going by the name Turkish Crime Family, and are demanding payment in either of the crypto-currencies. Alternately, they say they’ll accept $100,000 in iTunes gift cards.

The TCF shared their plan with Motherboard saying, “I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing.”

The hackers say they have access to over 300 million accounts and may have shared their plan with Motherboard in hopes of pressuring Apple into paying up. That doesn’t, however, look like something Apple is interested in doing.

The email interaction between Apple and the hackers shows the iPhone and iPad maker isn’t ready to play along. Apple told the group, “We would like you to know that we do not reward cyber criminals for breaking the law,” adding that their email communications are being handed over to law enforcement.

TCF isn’t sharing a list of accounts they plan to wipe. Presumably they’re accounts where two-factor authentication isn’t enabled. Two-factor authentication requires an additional one-use access code along with your password to access your account.

If you haven’t enabled two-factor authentication for your Apple ID and iCloud account yet, now looks like a really good time.

5 Comments Add a comment

  1. geoduck

    They’ve got balls, I’ll give them that.
    It won’t get them anywhere, but on some level you gotta admire their chutzpah.

  2. wab95

    Jeff:

    This would-be heist has all of the sophistication of the Three Stooges. And yes, we are passed time for users to switch to two-factor authentication, although it’s not exactly clear what the threat is here and whether or not two factor authentication would be protective (how are they resetting iPhones – malware already installed on compromised phones?).

    @geoduck:
    Balls, perhaps, but not a lot of smarts.

    If you’re going to commit what amounts to felony extortion, why stop at chump change for a company like Apple ($75,000 or $100K in gift cards – which are traceable I might add, but let’s not digress), when the penalty when one is inevitably caught will be the same as if you requested, I don’t know, $75,000,000 – also chump change for said company. The ransom bespeaks not-yet-ready-for-prime-time-even-if-prison-bound.

  3. geoduck

    wab95
    I agree these are not mental giants, I kept thinking of that graphic that’s been floating around social networks. IT looks like a Windows pop up and says something like “This is the Albanian virus. Please delete a critical file and send this to seven of your friends.” And the $75k did crack me up.

  4. francini@mac.com

    This report (and the later one posted yesterday) are disingenuous.

    This is disingenuous. The list of passwords they have were obtained from breaches in other 3rd party services. Since many people use the same or similar passwords on a lot of Web services, it’s no wonder that the key that fit some other compromised lock (LinkedIn, for example) would also fit Apple’s.

    Apple has stated categorically (and I believe them) that there have been NO breaches in their service that could have caused password leakage.

    So if your iCloud password is the same as your LinkedIn password from several years ago, then, yes, go change it. Otherwise, stop worrying that the ‘sky is falling’ and get on with your life.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account