Home
Internet
Internet News
iCloud Not Hacked, but Some s in Criminals' Possession Reportedly Genuine

iCloud Not Hacked, but Some s in Criminals' Possession Reportedly Genuine 195b6y

By Jamshed Avari | Updated: 24 March 2017 13:18 IST

Highlights

Turkish Crime Family is trying to extort a ransom from Apple
It claims that it will wipe out at least 250m Apple s on April 7
At least some of the sample IDs given to media have proven to be accurate

ment

Apple has iCloud and Apple email s. However, independent verification of samples of this set provided to media outlets indicate that at least some of them are in fact genuine, and that s should be worried. 6l2m2b

The relatively unknown organisation calling itself Turkish Crime Family says it will remotely wipe s' devices and the contents of their s on April 7 if Apple does not pay each of its seven $100,000.

The group has released evidence that it is in with Apple's security team, and has also proactively reached out to various international media organisations to bolster its claims. A public Pastebin post and several tweets describe frustration with reporting of the situation, and clarify that the group never claimed to have hacked Apple directly, but the s are genuine and were gathered from multiple insecure third-party sources.

The Turkish Crime Family further claims to be able to reset 150 s per minute using 17 scripts running simultaneously on each of its 250 servers, for a total of 637,500 s per minute. Those servers have purportedly already verified 250 million of the Apple IDs in the group's possession, with more being added after checking for simple modifications such as the capitalisation of the first letter.

ZDNet and TNW have both investigated the situation, and report that while some of the s are several years old and not functional, many others are. ZDNet reached out to the Turkish Crime Family and was given a small sample of 54 IDs and says that Apple's reset page accepts them all as valid s. ZDNet then tried ing the s in question, and managed to confirm that ten of the s it was given were correct and still in use.

All ten individuals said that they had not changed their s since creating their s several years ago. One other respondent said that the in ZDNet's possession was correct in the past but had been changed by him two years ago, which means at least some of the breach occurred longer ago than that.

Among those ed, there was no common pattern of ownership of specific Apple devices or using specific iCloud or Apple ID features. While many respondents itted to using the same for other major services, three said that their s were used only for iCloud, opening up the possibility that this data was harvested from sources other than third-party breaches.

TNW was also provided a sample, and says that it cross-referenced them with s known to have been harvested from the massive LinkedIn breach. However, only a few s matched, indicating that those s were simply using common email addresses and s across services.

No matter whether Apple itself was compromised or not, and whether these credentials have been collated from one breach or multiple sources over multiple years, anyone with an Apple ID should change their s immediately and enable two-factor authentication to prevent unauthorised access. This covers Me.com and iCloud.com email s, iTunes store s, and iCloud itself.

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Apps

US Senate Says ISPs Free to Sell Customer Information Without Permission

iCloud Not Hacked, but Some s in Criminals' Possession Reportedly Genuine 195b6y

Related Stories x6q4h