You’d be pretty alarmed if a hacker contacted you out of the blue and said they had access to your iCloud account and would wipe its contents and your iPhone unless you paid a ransom. Now imagine being Apple and being told that they’ll do just that to millions of your customers.
Motherboard was contacted by a hacker group calling itself Turkish Crime Family. In their exchange, the hackers reported having access to 300 million Apple accounts. They claimed to already have been in contact with Apple and issued their demands.
Fork over $75,000 in crypto-currency (either Bitcoin or Ethereum) or $100,000 in iTunes gift cards, and the data would be deleted. Apple was reportedly shown a YouTube video that demonstrated access to one of the compromised accounts. Motherboard also saw the video and several screenshots, and was granted access to an email account that the hackers reportedly used to communicate with Apple.
Apple’s puported response to the ransom demand: “we do not reward cyber criminals for breaking the law.” I’ve contacted the company for comment and will update this post with its response.
There are plenty of reasons to be skeptical of the hackers’ claims. Motherboard notes that several different numbers were given. At one point, some the total number of accounts was reported as 559 million, then that figure dropped by nearly half. Screenshots and emails can be easily faked.