iCloud hacking incident: a new security threat

On Tuesday, March 21st, a new hacker group – Turkish Crime Family – started to blackmail Apple. These cybercriminals claim that they have hacked the iCloud storage service and now have control over 100+ million user accounts, and they want a ransom. They demand $75,000 in cryptocurrency (either Ethereum or Bitcoin). There is an alternative option: they would also accept $100,000 in iTunes gift cards. Later, Turkish Crime Family posted on Twitter that the sum of $75,000 had in fact been mentioned by mistake by one of their former group members, and that they are actually asking for even more.

If Apple refuses to pay, the hackers threaten that on April 7th they will wipe the iCloud data of Apple users. They would do this by resetting user passwords and remotely erasing data from the cloud storage service. This means that users could lose everything they have stored there: photos, videos, documents, contacts, notes, e-mails, etc. All of that information would be deleted. The hackers could also use this data against innocent people, blackmailing them for money once again.

Apple later released a statement saying that none of its servers had been hacked or compromised. The company says that everything is under control, and that it is much more likely that the hackers are bluffing just to get a lot of money. It is monitoring everything to make sure that no unauthorized individual can access user accounts. On top of that, Apple advises its users to choose strong passwords that are not reused for different accounts across the internet, or simply to update their credentials and consider turning on an extra layer of security – two-factor verification. In the meantime, the company is also working with law enforcement authorities to find out who these cyber blackmailers are.

However, Turkish Crime Family has provided evidence in an attempt to prove that they really have gained access to the accounts of iCloud users. They sent 54 credentials to the tech news website ZDNet for verification. As it turned out, these 54 accounts were valid. But after ZDNet started to reach out to the users, it became known that only 10 people confirmed that those were their real current passwords. They had been using them for the last five years before changing them recently. Moreover, some of the people confirmed that they used the same credentials to log in to other websites, like Twitter and Facebook, so it is also possible that one of those sites was compromised. However, three users pointed out that their password and iCloud e-mail address were used specifically for iCloud.

Apple tends to believe that these credentials were not obtained by breaching its servers. The company assumes that the hackers got them from other sites that had been compromised previously.

So now there are two possibilities: either Apple really is vulnerable, or these so-called hackers just don’t know what they are talking about. Sooner or later we will get to the truth. The question is: what will be the cost of that truth? Let’s wait and see.