Hackers Claim Access To 300 Million iCloud Accounts, Demand $75,000 From Apple To Delete the Cache of Data

A hacker or group of hackers calling themselves the "Turkish Crime Family" claim they have access to at least 300 million iCloud accounts, and will delete the alleged cache of data if Apple pays a ransom by early next month. Motherboard is reporting that the hackers are demanding "$75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data." From the report: The hackers provided screenshots of alleged emails between the group and members of Apple's security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple. "Are you willing to share a sample of the data set?" an unnamed member of Apple's security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the @apple.com domain). The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts. The hacker appears to access an elderly woman's iCloud account, which includes backed-up photos, and the ability to remotely wipe the device. Now, the hackers are threatening to reset a number of the iCloud accounts and remotely wipe victim's Apple devices on April 7, unless Apple pays the requested amount. According to one of the emails in the accessed account, the hackers claim to have access to over 300 million Apple email accounts, including those use @icloud and @me domains. However, the hackers appear to be inconsistent in their story; one of the hackers then claimed they had 559 million accounts in all. The hackers did not provide Motherboard with any of the supposedly stolen iCloud accounts to verify this claim, except those shown in the video.

Two factor

[Chewbacon]

Let's see if all this 2-factor authentication is everything it's cracked up to be!

Re:Two factor

Doesn't matter. 2-factor authentication is not needed to get to the Find My iPhone page, presumably because that second factor could very well be the lost iPhone. So if these criminals have account passwords (unlikely, sounds like bad bluffing), they'll be able to go into FMI and remote-wipe devices to their heart's content. Until they get blocked.

Re:Two factor

[93+Escort+Wagon]

Let's see if all this 2-factor authentication is everything it's cracked up to be!

Since this is starting to sound like yet another case of people being lazy with passwords, it's unlikely anyone affected has two-factor authentication enabled.

Re:Two factor

[tattood]

Let's see if all this 2-factor authentication is everything it's cracked up to be!

Since this is starting to sound like yet another case of people being lazy with passwords, it's unlikely anyone affected has two-factor authentication enabled.

You don't get access to 300 million account by guessing passwords or phishing. You get it by hacking Apple directly and stealing the backend data. Either way, anyone with an iCloud account should change their password just to be sure.

Re:What the response should be

[thesupraman]

Hmm, you used Slashdot.... Slashdot user! obviously you will certainly defend these criminals or blame Apple and the victims!
Drone Strike!

Yawn.

one MILLION dollars!

[thesupraman]

Dont they know a true evil genius must ask for one MILLION dollars!

Amateurs

Re:one MILLION dollars!

[hcs_$reboot]

Maybe the article is wrong and they didn't requested $75k, they requested BC75k instead, which does translate to a quite big amount of $$.

Re:one MILLION dollars!

[jfdavis668]

If it was Microsoft, you would have to demand $640K

Stupid question

[Locke2005]

So, if Apple can convince everybody to change their password, they will have zero stolen accounts? Or have the hackers already changed the passwords?

Re:Stupid question

[ArchieBunker]

If 300 million iCloud passwords suddenly stopped working you'd hear about it.

$75k?

[Moheeheeko]

Do they know its Apple they have by the balls?

Re:$75k?

[OpenSourced]

Do they know its Apple they have by the balls?

Well, it's not like they are going to really delete it.

Re:$75k?

They are just negotiating the bug bounty reward.

Re:$75k?

[gnasher719]

Do they know its Apple they have by the balls?

They don't have anybody by the balls. There is a big, big difference between opening your big mouth and claiming you have access to 300 million iTunes accounts, and having access to 300 million iTunes accounts.

And one of the "hackers" will get his ass spanked by his grandma for deleting her account.

Re:$75k?

1. You are assuming they are telling the truth.

2. All 300 million people don't live in the same town. That's going to raise a red flag with the login process.

3. They can't delete all 300 million at once. They can't delete a significant fraction of 300 million at once. You block IPs once you see them appear.

4. Turning the honeypot on when it hits April 7 is pretty easy.

5. You are assuming they are telling the truth.

Re:$75k?

[wonkey_monkey]

Yeah, they're realy under-pricing their hoard, assuming they really have it.

I wonder if they just compromised enough accounts via other means in the hopes of passing light scrutiny and $75,000 was the most they thought they might possibly get away with asking for without anyone bothering to take a closer look.

Re:$75k?

[TheFakeTimCook]

Do they know its Apple they have by the balls?

Well, it's not like they are going to really delete it.

And it's not like Apple doesn't have backups.

Re:$75k?

[AHuxley]

For 75K the FBI adds a one to the federal US computer crime statistics.
At around 78K and above the FBI sends out two agents.

Re:$75k?

[hcs_$reboot]

Funny, but $75k is probably just the amount of money Apple gives to a secretary as a yearly bonus. Meaning not a big deal. Meaning, if Apple pays the hackers will likely ask even more...

Re:$75k?

[hcs_$reboot]

I wonder if they just compromised enough accounts via other means in the hopes of passing light scrutiny and $75,000 was the most they thought they might possibly get away with asking for without anyone bothering to take a closer look.

Or they request 75k for starters, then after being paid, they do make another request, of 10 times that amount.

heart cloud

[fluffernutter]

Love the cloud. Love the cloud. Love the cloud. Love the CLOUD.

Re:heart cloud

[n329619]

Love the cloud

There is no cloud. It's just someone else's computer.

Re:Just don't pay - simple

[Lehk228]

iTunes gift cards

lol dumbasses don't realize that apple can issue and cancel itunes gift cards however they wish.

When people are dumb enough to rely on the cloud..

[TheDarkener]

I had a client a few years back that accidentally deleted 10 years worth of personal photos because they thought they were only deleting them from iCloud, not knowing it would delete it from their computer as well.

I say, if people are fucking stupid enough to entrust a third party with their data and not back it up independently, they get what they deserve.

Back up your shit, and back it up to YOUR OWN MEDIA.

Re:Just don't pay - simple

[fluffernutter]

Apparently it's a problem. Apple has an article on it on the front of their support page.

They're probably full of shit

[waspleg]

or they'd be asking for a lot more money. But I hope they do it. Apple fan boy tears are the best tears. Burn that walled garden :)

Re:When people are dumb enough to rely on the clou

[Striek]

I can't believe shit like this gets modded up. People like you - the ones who blame the user - give people like me a bad name.

They put it on iCloud - as far as they know, THAT IS A FUCKING BACKUP. They have independently set up an iCloud backup, as far as they are aware. Calling them stupid does nothing to address the cause, which in your example, is a shitty user interface provided by Apple that did not adequately inform the user of the effects of the action in question.

No, they do not "deserve" this. They made a simple mistake. We all do. Believing an iCloud copy is a reliable backup is a perfectly reasonable assumption to a layperson. They have a copy on their iPhone, and a backup copy in an iCloud account. Or conversely, they have a copy in an iCloud account, and a backup stored on their iPhone - THEIR OWN FUCKING MEDIA.

You seem to not understand that not everyone should be expected to maintain the level of knowledge you have on this matter. They don't understand it - so they place their trust in Apple - who, by all accounts, should know a hell of a lot more about this matter than they do.

Publicising Blackmail?

[rtb61]

Why would anyone publicise blackmail. Seriously, think about it, makes no sense at all. It publicly forces Apple into a corner where they are aiding and abetting crime by paying the ransom, so no ransom can be paid. So a mass invasion of privacy, why, no ransom? So who benefits by a publicised mass invasion or privacy, someone who already hugely and grossly invades privacy on a mass scale and wants to attack Apple to prove it can not provide privacy. Only one culprit really fits that bill and corporate espionage on all sorts of scale was inevitable and is happening. So which corporation most hates Apples ability to sell 'you' privacy, whilst that disgusting filthy vile company is selling 'your' privacy, M$. This really does stink of a corporate funded attack, maybe not from the top but most certainly from a major investor.

For Apple to prove itself it must act with an extreme corporate legal vengeance, can Apple buy privacy, in this case it most certainly, by offering ten times the blackmail demand with reward for the culprits and those who paid them. Most likely source of the hackers, corrupt intelligence services, contracts or ex-agents (Turkey recently conducted a purge).

Re:Publicising Blackmail?

[JaredOfEuropa]

Alternatively, this is a bunch of script kiddies who managed to guess the password to a handful of accounts, and are now trying to make a name for themselves.

Re:Publicising Blackmail?

[93+Escort+Wagon]

Another possibility is these guys got hold of known-cracked account info (e.g. Yahoo accounts) and then script-kiddied their way through the list to find the ones which were using the same credentials on iCloud.com.

Re:Publicising Blackmail?

[painandgreed]

Alternatively, this is a bunch of script kiddies who managed to guess the password to a handful of accounts, and are now trying to make a name for themselves.

I'm betting its a PR stunt for Ethereum

Re:Publicising Blackmail?

[xession]

It publicly forces Apple into a corner where they are aiding and abetting crime by paying the ransom, so no ransom can be paid.

That's not how ransom works. Any time there is a ransom request, the victim is allowed to pay it if the outcome is likely to be more desirable than not paying it. Where did you get the idea that paying a ransom was illegal? Happens all the time.

Re:Publicising Blackmail?

[rtb61]

Other people would disagree with you http://www.aph.gov.au/Parliame.... Want kidnappers et at pay for them and you will have all you want.

Re:When people are dumb enough to rely on the clou

[radarskiy]

-1 uninsightful and -1 overrated

Deleting all of your copies of data means you have no more copies, regardless of where those copies used to be.

Re:When people are dumb enough to rely on the clou

I call total BULLSHIT on this story:

1) when you delete a picture there is a pop up warning you that the picture will be delete from ALL devices.

2) deleted pictures are not deleted, they are moved to the trash album, in which they reside for 30 days, then and only then they are truly deleted. You just go to the trash album, select the pics and tap the recover button.

Re:When people are dumb enough to rely on the clou

What a rubbish comment 'Believing an iCloud copy is a reliable backup is a perfectly reasonable assumption to a layperson'' you should never make an assumption, it takes 5 mins to run a quick google search to confirm. I hate hearing people who are always looking to point the finger and blame someone else for their mistakes.

How did they get in?

[manu0601]

Do we have any idea how they managed to compromise 300k accounts?

Are you sure?

Are you sure they're Turkish hackers? Didn't you really mean Russian hackers? There's only two kinds of hackers in the world: Russian hackers, and the hacker known as 4chan.

Deleting them from iCloud?

[n329619]

ARE you afraid that AFTER waiting for 10 years, you will be TOO tempted to hit the DEL key on your macbook and WIPING everything you unknowingly uploaded to the Cloud?

FEAR NOT. Introducing the keyboard exercise! By doing a daily keyboard exercise per week, you can ensure your key-smashing excitement is well satisfied. It will also enhance your bodily excitement for a health life.

WHAT are you waiting for? Complete your daily keyboard exercise TODAY.

Disclaimers: May cause pain, numbness and soreness on head, fingers, foots and other body parts that you use to hit the keyboard. Bodily excitement not guaranteed. One copy of backup tempted for deletion required. Backups are not included.

Some prudent tips I have shared with friends

[technicalnotebook]

While time will tell the extent of this, I have been recommending the following to my friends (copied verbatim from https://www.facebook.com/stuar... ).

As a precaution, here are some prudent tips:
1. Log into your Apple Account at https://appleid.apple.com/ and enable two-factor authentication if you haven't already (see https://support.apple.com/en-a...) .
2. While you are there, if you have not changed your password in a while, consider doing that too (https://support.apple.com/en-au/HT201355).
3. As the threats include the threat of remotely wiping devices, you can disable this on each of your iCloud connected devices. See Macworld's good article on how to do this for each device type: http://www.macworld.co.uk/how-... . Note that if you do this, you will also be unable to use the Find my iPhone/iPad/Mac feature. Until more details come out, personally I feel this is acceptable given the risk.
4. When you are logged in at https://appleid.apple.com/acco..., check to ensure there are no devices you do not recognise under 'Devices'.
5. For the next few weeks, periodically do a local backup using iTunes of your iDevices. See https://support.apple.com/en-a... and click on 'Use iTunes'. I recommend you also set a backup password, this encrypts the backup and stores additional information making a future restore easier.
6. As always, BACKUP BACKUP BACKUP. For your Mac, I would already hope you have backups in place. If not, my favourite is CrashPlan http://crashplan.com/ and I have used it for years/put many friends onto it also.
Time will tell what will happen with these accounts, it never hurts to take a few prudent steps until the community at large knows more.

Re:When people are dumb enough to rely on the clou

[fluffernutter]

You should never make an assumption

The problem with that comment is that you have to know a certain amount of what you are doing in order to realize whether you are making an assumption or not. You might say a person should know at least that much about computers before using one, but that has never been who Apple sells to. Apple is supposed to 'just work'. These people probably don't know the difference between an email attachment and a file in the finder, so now their thinking they can't delete email attachment because it will affect their hard drive. If a person asks you to delete a file, just delete that file. Don't default to a behavior that deletes *ANOTHER* file that may be the last copy of the file anywhere. That's just stupid and that is hard for inexperienced people to understand.

Re:What the response should be

1) they're not civilians. They're economic terrorists. Drone strike.
2) they're not Americans. No US constitutional rights. Drone strike.
3) absolutely. A few drone strikes is a lot cheaper than upgrading my firewall every year for no reason because even that gets hacked. Drone strike.

Drone strike.

Re:For pity's sake...

[slazzy]

I know right? That would only buy like 75 iPhones! Always backup your important data locally in addition to cloud services.

Re:My bullshit-o-meter if off the charts.

[AHuxley]

AC it might help cover average community college for one person or help siblings or twins with some of their tuition fees over a year.
Or quality medication for one person thats a cure?

Re:When people are dumb enough to rely on the clou

[fluffernutter]

I've never used iCloud, I don't really understand #1. What if you legitimately want to remove your files just from iCloud, how do you do that then? It doesn't seem logical to me to respond to a user requesting to delete one representation of a file by deleting ALL representations of the file.

Re:When people are dumb enough to rely on the clou

[TheDarkener]

Who said anything about keeping backups on site?

Re:When people are dumb enough to rely on the clou

[TheDarkener]

Meh.

Thinking of iCloud as a "backup" is akin to thinking that having 2 broadband modems will help when your ISP goes down.

I would be suspicious

[dilvish_the_damned]

the iTunes gift cards are probably marked.

Re:I would be suspicious

[93+Escort+Wagon]

the iTunes gift cards are probably marked.

They contain explosive dye packets which trigger once the card gets too far away from any hipsters.

Re:When people are dumb enough to rely on the clou

[admin7087]

I'd like to add to this that people should also avoid proprietary file formats like the plague if they're interested in long-term storage. That nifty program to do X on MacOS will be gone with the wind in 10-20 years from now.

Actually it's clever

[DrYak]

Austin Powers-references besides, that's actually a good idea:

- 75k USD is actually indeed a very small sum. So small that Apple's PR department can easily cough it up (there are probably rounding error on Apple's marketing budget that are bigger than that) without it even going noticed in Apple's finances.
i.e.: It's pretty cheap for Apple to hand the money just to make them shut up and get them out of mind.

- 75k USD can actually means a lot in Turkey (if the hacker group are truks, as they claim) given the local buying power. The sum might seem ridiculously small to the US /. audience, but it might be comfortable enough for the hacker.

- The hackers have even said that they would accept 75k in iTunes card. That's money that will eventually get spent on Apple goods and services anyway. Apple's tax evasion special...^H financists will probably find a way to write it of as a loss and still profite out of it.

Re:Actually it's clever

[tattood]

The hackers have even said that they would accept 75k in iTunes card. That's money that will eventually get spent on Apple goods and services anyway. Apple's tax evasion special...

1) They asked for 100,000 in iTunes cards, not 75,000
2) The "money" from these iTunes cards may get spent on Apple products, but since those cards were given away and not paid for, Apple is still losing money.
3) This is rather stupid, since once Apple gives them the cards, and confirms the data is cleared, Apple will invalidate the cards making them useless.

Probably got passwords by phishing.

[knorthern+knight]

I got 3 dozen spam emails the past couple of years urgung me to click on a URL, and "verify my Apple Icloud account". They probably got a bunch that way. Wonder if John Podesta got his account "hacked".

Re:Just don't pay - simple

[bugs2squash]

That's why they asked for used itunes cards in low denominations with no sequential serial numbers, so they couldn't be tracked.

Re:When people are dumb enough to rely on the clou

[Headw1nd]

Careful not to cut yourself on all that edge.

Edge? What edge are you even talking about? Did you just see someone else use that response and copy it without understanding what it means?

Re:Just don't pay - simple

[Plumpaquatsch]

Apparently it's a problem. Apple has an article on it on the front of their support page.

You don't even understand what "it" is.

Re:When people are dumb enough to rely on the clou

[Plumpaquatsch]

Apple sure do a good job of marketing it as a backup... http://www.apple.com/icloud/ https://support.apple.com/en-u...

Yeah, they market it as a means of backup for iOS devices, if you can't do local backups (or really, really hate iTunes) https://support.apple.com/en-us/HT203977. What does that have to do with the iCloud backup of a Mac the OP pretends exists?