A group of hackers claims it has access to over 300 million Apple email accounts — and they say they’re ready and willing to wipe the user data from hundreds of millions of iCloud accounts if Apple won’t pay up by April 7.
The group, which is calling itself the Turkish Crime Family, demanded a $75,000 ransom in either Bitcoin or Ethereum, another form of online currency, to delete the data, reports Motherboard. The site broke the story Tuesday morning after corresponding with multiple people online claiming to represent the group, which will also settle for $100,000 worth of iTunes gift cards as payment.
Members of Turkish Crime Family provided Motherboard with a video, screenshots of emails and access to an email account allegedly used to correspond with Apple’s security team to prove their claims. Reps from Apple flatly denied the group’s request before threatening to forward the information to authorities, according to the report.
The video shared in the email, which was uploaded to YouTube, reportedly shows the group scrolling through multiple stolen iCloud accounts. This was the only proof provided to Motherboard of the cache’s existence.
A Twitter handle claiming to represent the group popped up shortly after Motherboard‘s report went live. As of this article’s publication, the account has been used to reiterate the group’s threats and retweet news coverage.
The group has since made itself available to the press via a direct email account, which was also shared with the world via tweet.
It’s story isn’t exactly consistent, though: one rep told Motherboard that its cache numbered around 300 million accounts, but another estimated they had access to 559 million emails. Meanwhile, the Turkish Crime Family Twitter handle is capping the number of iCloud accounts that will be affected in an attack at 200 million.
When reached by Mashable, Apple reps had no comment on the matter.
Cyber attacks on our personal data storage systems are no joke — and iCloud has experienced wide scale breaches before, most notably in 2014 when multiple celebrity accounts where accessed and personal photos were shared online. In that instance, the security issue stemmed from the iCloud accounts’ weak personal safety settings rather than any flaw in Apple’s system.
The Turkish Crime Family hasn’t provided any insight into how it claims to have hijacked the accounts, so we’re cautious to accept their claims at face value — especially since the group doesn’t seem to have its story straight. Even though it provided Motherboard some alleged communications with Apple and a video, that doesn’t prove it has the ability to follow through on its threats.
This may well be little more than an overblown stunt, unless the group comes forward with some more proof.