A group of hackers is allegedly trying to extort Apple by holding its customers’ data for ransom and threatening to remotely wipe iCloud accounts connected to both iPhones and iPads if those ransoms are not paid.
The group self-identifies as the “Turkish Crime Family,” and it is demanding either $75,000 in Ethereum or Bitcoin or $100,000 in iTunes gift cards, according to a report from Motherboard. The hackers gave Apple an April 7 deadline to meet the demands — or else they will start wiping both phones and iCloud accounts.
More: Hacker reportedly steals iPhone cracking tools used in shooting case
But is this all legit? New reports indicate so. The hacking group provided tech publication ZDNet with a sample set of the iCloud credentials, and ZDNet was subsequently able to verify the information. How? Well, it used Apple’s password reset tool to verify 54 accounts belonging to U.K.-based iCloud customers.
It’s important to note that while all 54 accounts were valid, ZDNet was only able to verify the actual passwords of 10 people. As part of the verification process, the reporters reached out to all of the victims, and at least one of them noted that their password was changed around two years ago, so the breach could be at least a few years old. Most of the individuals said that they used the same login credentials on other websites — which supports the concept that the group didn’t hack Apple but rather used information from other breaches.
According to Motherboard, one of the hackers claims to have gained access to 300 million Apple email accounts, including those using @icloud and @me domains. Another hacker in the group claimed that the group had access to 559 million accounts in all.