Apple has responded to claims that a hacker group has gained access to hundreds of millions of iCloud and other Apple email accounts stating that none of its systems were breached. Hackers going by the name ‘Turkish Crime Family’ claimed earlier in the week that they had gained access to more than 300 million Apple email accounts including iCloud and @me domains.
Motherboard first reported that the group demanded a $75,000 (£59,932) ransom in Bitcoin or Ethereum and threatened to remotely wipe millions of iCloud accounts if Apple did not pay up by 7 April. They said they were willing to accept $100,000 worth of iTunes gift cards as payment.
Apple did not formally confirm the authenticity of the data that hackers claim to have breached, but said if it is legitimate it was not obtained through a breach of Apple itself.
“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the company spokesperson told Fortune. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
Citing a person “familiar with the contents of the data set”, Fortune reported that many of the accounts and passwords included within the data set matched data leaked in an earlier massive LinkedIn data breach from 2012.
The spokesperson said Apple is “actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved”. The company added users can protect themselves from such attacks by using stronger passwords, not using the same one across multiple sites and enabling two-factor authentication.
Apple declined to specify the steps taken so far, but noted that the measures taken were “standard procedure”.
A representative for Turkish Crime Family later told IBTimes UK that the initially reported ransom of $75,000 is false and they have actually requested $100,000 for each of their seven members or $1m worth in iTunes vouchers for instant resale at 60% of the original gift card value.
The hackers said one of their members who handled their Twitter account is “no longer with us due to a little inaccuracy and lack of professionalism”.
“The only conversations leaked between us and Apple were by a person that didn’t really associate with us and or the attack that is going to happen,” the hackers claimed. “All our conversations with Apple are kept private which were done via ICQ.”
When asked if they acquired the alleged data set via a third-party breach, the group said: “We can’t answer that question as a part of our agreement with Apple.”
“Breach or not, it will not change the fact that we have provided proof of 200m+ active combos out of a 700m list to multiple media outlets. We also showed our infrastructure for the attack that’s going to take place on 7 April 2017.”
The hackers have been inconsistent with their story so far with one of the cybercriminals claiming they had reportedly breached 559 million accounts overall. They also did not provide any evidence of the allegedly stolen iCloud accounts to verify their claims.
Motherboard was provided access to screenshots of the alleged emails between the group and Apple’s security team, a video uploaded on YouTube showing some of the stolen iCloud sites and access to an email account that was reportedly used to communicate with Apple.
The hackers said they are originally from Istanbul Turkey but “rep” Green Lanes, North London.
“We’re doing this because we can, and mainly to spread awareness for Karim Baratov & Kerem Albayrak which both are being detained for the Yahoo hack and one of them is most probably facing heavy sentencing in America,” they said.
“We are also determined that Apple will force their users to reset their passwords to stop us,” the group said. “If they do not they are going to face really serious server issues and customer complaints.”
They claimed they are still strengthening their infrastructure for the attack as more people get involved and provide them with more databases.
“Our entire group isn’t based on this single attack,” the hackers said. “We’re a new criminal organization with a lot of resources and power. This is just the start.”