Apple Responds to Hack Threats, Says There Were No iCloud or Apple ID Breaches

by

In response to a ransom threat in which hackers are claiming to have access to more than 600 million iCloud accounts, Apple told Fortune there have been no breaches of its systems.

Instead, if the hackers do have access to iCloud accounts, Apple suggests previously compromised third-party services are at fault. From an Apple spokesperson:

There have not been any breaches in any of Apple's systems including iCloud and Apple ID," the spokesperson said. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.

Apple's response follows a report from Motherboard that suggests a group of hackers known as the "Turkish Crime Family" have claimed to have access to hundreds of millions of iCloud accounts.

Apple two factor authentication
The Turkish Crime Family has threatened to reset the iCloud accounts and remotely wipe victims' Apple devices if Apple does not pay $150,000 in Bitcoin or Ethereum by April 7. If Apple does not pay in three days, the group plans to increase the amount of money it is asking for.

Originally the group was believed to have access to 300 million icloud.com, me.com, and mac.com email addresses, but that number later jumped to 627 million due to additional hackers allegedly stepping forward to provide account credentials. The hackers say at least 220 million of the login credentials are verified to work and do not have two-factor authentication enabled.

With Apple denying a breach, the iCloud account information has likely been obtained from major hacking incidents that have affected companies like Yahoo. iCloud users who have the same username and password that was used for both a hacked site and for iCloud should change their passwords immediately.

The Apple spokesperson also told Fortune the company is "actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved," but did not outline what specific steps are being taken to monitor the situation beyond "standard procedure."

Apple recommends that all iCloud users choose strong passwords, use different passwords for different sites, and turn on two-factor authentication to protect their accounts.

Popular Stories

iPhone SE 4 Thumb 1

iPhone SE 4 With Apple's Own 5G Modem 'Confirmed' to Launch in March

Tuesday November 19, 2024 12:12 pm PST by
Barclays analyst Tom O'Malley and his colleagues recently traveled to Asia to meet with various electronics manufacturers and suppliers. In a research note this week, outlining key takeaways from the trip, the analysts said they have "confirmed" that a fourth-generation iPhone SE with an Apple-designed 5G modem is slated to launch towards the end of the first quarter next year. In line with previo...
Read Full Article117 comments
airtag purple

AirTag 2 Rumored to Launch Next Year With These New Features

Sunday November 17, 2024 5:18 am PST by
Apple released the AirTag in April 2021, so it is now three over and a half years old. While the AirTag has not received any hardware updates since then, a new version of the item tracking accessory is rumored to be in development. Below, we recap rumors about a second-generation AirTag. Timing Apple is aiming to release a new AirTag in mid-2025, according to Bloomberg's Mark Gurman....
Read Full Article96 comments
Magic Mouse Next to Keyboard

No, Apple CEO Tim Cook Didn't Say He Prefers Logitech's MX Master 3 Over the Magic Mouse

Sunday November 17, 2024 3:03 pm PST by
While the Logitech MX Master 3 is a terrific mouse for the Mac, reports claiming that Apple CEO Tim Cook prefers that mouse over the Magic Mouse are false. The Wall Street Journal last month published an interview with Cook, in which he said he uses every Apple product every day. Soon after, The Verge's Wes Davis attempted to replicate using every Apple product in a single day. During that...
Read Full Article327 comments
Generic iOS 18 Feature Real Mock

Apple Releases iOS 18.1.1 and iPadOS 18.1.1 With Security Fixes

Tuesday November 19, 2024 10:10 am PST by
Apple today released iOS 18.1.1 and iPadOS 18.1.1, minor updates to the iOS 18 and iPadOS 18 operating systems that debuted earlier in September. iOS 18.1.1 and iPadOS 18.1.1 come three weeks after the launch of iOS 18.1. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. Apple has also released iOS 17.7.2 for...
Read Full Article28 comments
at t turbo indicator iphone 16 pro max v0 8hrh7w5f3w1e1

AT&T Turbo Indicator Showing Up in iPhone Status Bar for Subscribers

Wednesday November 20, 2024 3:42 am PST by
AT&T has begun displaying "Turbo" in the iPhone carrier label for customers subscribed to its premium network prioritization service, according to reports on Reddit. The new indicator seems to have started appearing after users updated to iOS 18.1.1, but that could be just coincidence. Image credit: Reddit user No_Highlight7476 The Turbo feature provides enhanced network performance through ...
Read Full Article91 comments
iPhone 17 Slim Feature Single Camera 1 Redux

'iPhone 17 Air' Rumored to Surpass iPhone 6 as Thinnest iPhone Ever

Monday November 18, 2024 1:07 pm PST by
In a research note with Hong Kong-based investment bank Haitong today, obtained by MacRumors, Apple analyst Jeff Pu said he agrees with a recent rumor claiming that the so-called "iPhone 17 Air" will be around 6mm thick. "We agreed with the recent chatter of an 6mm thickness ultra-slim design of the iPhone 17 Slim model," he wrote. If that measurement proves to be accurate, there would be ...
Read Full Article155 comments
bug security vulnerability issue fix larry

Make Sure to Update: iOS 18.1.1 and macOS Sequoia 15.1.1 Fix Actively Exploited Vulnerabilities

Tuesday November 19, 2024 10:52 am PST by
The iOS 18.1.1, iPadOS 18.1.1, and macOS Sequoia 15.1.1 updates that Apple released today address JavaScriptCore and WebKit vulnerabilities that Apple says have been actively exploited on some devices. With the JavaScriptCore vulnerability, processing maliciously crafted web content could lead to arbitrary code execution. The WebKit vulnerability had the same issue with maliciously crafted...
Read Full Article69 comments

Top Rated Comments

Kaibelf Avatar
Kaibelf
100 months ago
Typical Apple. Blame others first then admit to fault later, if ever.
Provide evidence before accusing
Score: 50 Votes (Like | Disagree)
ulyssesric Avatar
ulyssesric
100 months ago
Typical Apple. Blame others first then admit to fault later, if ever.
Typical hater. Blame Apple first for whatever they have or haven't done then disappear from the thread.
Score: 44 Votes (Like | Disagree)
Watabou Avatar
Watabou
100 months ago
Typical Apple. Blame others first then admit to fault later, if ever.
How are they blaming others? They're just saying people use the same user name and passwords. There was no actual scraping of user names and passwords from iCloud database is what Apple is saying. How the heck is that Apple's fault if people use the same username/passwords?
Score: 42 Votes (Like | Disagree)
Mansu944 Avatar
Mansu944
100 months ago
Typical Apple. Blame others first then admit to fault later, if ever.
But they said THEY have not been compromised.
Score: 27 Votes (Like | Disagree)
CarlJ Avatar
CarlJ
100 months ago
The people behind this kind of thing need to be set on fire, it's just evil behavior, whether or not they actually have the details they purport to have. I'm going to venture a guess that this, indeed, isn't a hack of Apple itself, and do simply have some password-reuse email/password combinations from other sites.

Time to turn on 2FA, if you haven't already, and never use the same password in more than one place - get a good password manager (I like 1Password) and use it to keep long random passwords that are separate for every site.
Score: 17 Votes (Like | Disagree)
wjw0111 Avatar
wjw0111
100 months ago
"There have not been any breaches in any of Apple's systems including iCloud and Apple ID," the spokesperson said. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services."

Sounds to me like they're blaming others.
Well, it's not really "blame". It's just assuring that their systems have not been compromised.

There's not a lot they can do if someone creates an account with Apple, and an account with a third-party using the same username and password. The third-party gets hacked and then the username and password are exposed.

How exactly is Apple supposed to protect against that sort of attack? 2 factor authentication? Oh right... they already have that available...
Score: 10 Votes (Like | Disagree)
Read All Comments