Hackers demanding ransom from Apple provide small sample of valid iCloud credentials
Questions remain but you should change your password nonethelessBy Jose Vilches 10 comments
A couple of days ago news broke about a group of hackers calling themselves the Turkish Crime Family claiming they had access to at least 300 million Apple accounts, and were demanding a ransom of $75,000 in Bitcoin or Ethereum or $100,000 in iTunes gift cards directly from Apple. The hackers are threatening to remotely wipe victims' devices if Apple doesn't pay by April 7.
Apple responded to the threat by stating that there had not been any breach of its systems, and that if hackers had access to iCloud accounts then they must have gotten them from third party services --- people often reuse their same credentials for multiple websites, which is a poor security practice.
To prove they're not joking around the group recently contacted ZDNet with a small sample of 54 account credentials for verification purposes. Some accounts dated back to 2011 and were no longer in use, but of those that could be contacted by ZDNet, 10 people confirmed that the passwords were accurate.
Now, this doesn't prove that the hackers have managed to obtain 300,000 credentials, just that they do have access to some. Moreover, most of the people confirmed that they used their iCloud email address and password on other sites, although three claimed that they weren't used in any other site.
Whether the threat is to be taken seriously or the result of a group of hackers looking for some publicity and the possibility of a quick payout (which we doubt will ever happen), it wouldn't be a bad idea to change your Apple account password and enable two-factor authentication if you haven't already done so.