On Wednesday we reported that Apple had become the target of a ransom threat, with hackers claiming to have access to more than 600 million iCloud accounts. A group known as the "Turkish Crime Family" said they would reset and wipe the accounts unless Apple paid them $150,000 in Bitcoin by April 7.

Apple responded to the threat by stating that there had not been any breach of its systems, and that if hackers did have access to iCloud accounts then it could only be because of compromised third-party services.

Apple two factor authentication
Yesterday, ZDNet said it had received a set of 54 account credentials from the hacker group for "verification" and subsequently reported that all of the accounts were valid, based on a check using Apple's online password reset function.

The accounts include @icloud.com addresses dating back to 2011, as well as legacy @me.com and @mac.com domains from as early as 2000. The list of credentials is said to contain email addresses and plain-text passwords separated by a colon. According to Troy Hunt, data breach expert and owner of notification site Have I Been Pwned, this would suggest the data could have been aggregated from various sources.

ZDNet worked to contact each account holder via iMessage to confirm their password, and found that many of the accounts are no longer registered with Apple's messaging platform. However, of those that could be contacted, 10 people – all based in the U.K. – confirmed that the passwords were accurate, and they have changed them as a result.

When pressed about the original source of the data, the hackers claimed that it was "handled in groups" without explaining how or why. The hackers also refused to hand over a U.S.-based sample of accounts.

All of the people with compromised accounts said that until now, they had never changed their iCloud passwords before. One person said that the password he confirmed with ZDNet was no longer in use as of about two years ago, which narrows down the possible date of a breach or multiple breaches to somewhere between 2011 and 2015.

Most of the people confirmed that they used their iCloud email address and password on other sites, such as Facebook and Twitter. However, three people said that their iCloud email address and password were unique to iCloud, and were not used on any other site. Also, two people claimed someone had tried to reset their iCloud passwords in the past day.

It's unclear if the sample provided is representative of the wider pool of credentials the hackers claim to have, but based on its communications with the group, ZDNet suspects that its members are "naïve and inexperienced" and primarily seeking publicity.

Given that Apple has denied a breach, the account information may have been obtained from a major hacking incident, such as the one that befell Yahoo. iCloud users who have the same username and password that was used for both a hacked site and for iCloud should change their passwords immediately.

Anyone else concerned about the hacking claims should change their password and consider using two-factor authentication to secure their Apple ID credentials. Apple has said that it is "actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved".

Tag: iCloud

Top Rated Comments

RightMACatU Avatar
105 months ago
It's clear from this thread that cyber education is still required ;)
Score: 20 Votes (Like | Disagree)
keysofanxiety Avatar
105 months ago
fall for what, a site linking to apple.com?
Well, you just fell for it. The URL leads to a login website that looks identical to Apple's; except it isn't Apple's. After you've 'signed in', they've just got your details. Simple as that. It's not too difficult to change the URL path in an email while keeping what looks like a legitimate link.

That's how phishing works. It gets smarter and smarter.
Score: 16 Votes (Like | Disagree)
honglong1976 Avatar
105 months ago
Wonder if an email I got this morning is anything to do with this:

From: Apple (email address: neojacks@frankyhazard.com)

Dear Customer,

Your Apple ID (xxxxxxx@xxxxxx) was used to sign in tο iCloud οn an iPhοne 7.

Date and Time: March 24, 2017, 01:53 AM PST
Operating System: iOS 10.0.3

If you have nοt recently signed in tο an iPhοne 7 with your Apple ID and believe sοmeone may have accessed your account, gο tο Apple ID (https://appleid.apple.cοm actual link goes to https://appleid.apple.xn--cm-jbc/) and update your information as sοon as possible.

I don't have an iPhone 7 and I am not on iOS 10.0.3

Wonder how many people fall for this :)
Score: 8 Votes (Like | Disagree)
jsmith189 Avatar
105 months ago
fall for what, a site linking to apple.com?
Right click, copy link.



Attachment Image
Score: 7 Votes (Like | Disagree)
keysofanxiety Avatar
105 months ago
It's clear from this thread that cyber education is still required ;)
Yeah! To those hoping for more tips, I'd recommend going to https://www.cybereducation.com ('//www.youtube.com/watch?v=dQw4w9WgXcQ') for further information.

And it's that easy. Trust nothing and no-one online. Question everything. Ensure every link goes to where you expect it to. Go directly through the URL bar rather than following an email link if you're unsure. Phishing gets more and more elaborate and convincing.
Score: 7 Votes (Like | Disagree)
keysofanxiety Avatar
105 months ago
Educate yourself. There are a ton of resources available at your fingertips. Sick of people making excuses or being dumb. You don't need to walk to a library anymore or enroll in a university to get information.

People should educate themselves on cars and seek help from more than one person since mechanics can take advantage of innocent people.
[doublepost=1490360738][/doublepost]

We got one! Sorry that your account has been compromised. Maybe you'll learn from your mistake in the future.
What's with the lemon juice attitude? Everybody started somewhere. If you spent your energy and efforts trying to help people rather than patronising them or saying "serves you right", you might find it a rewarding experience.

At the absolute least, you'll assist people from falling victim to these phishing attempts.
Score: 6 Votes (Like | Disagree)

Popular Stories

Beyond iPhone 13 Better Triad

Apple's 20th Anniversary iPhone May Finally Go All Screen

Tuesday April 15, 2025 6:31 am PDT by
Apple is preparing a "bold" new iPhone Pro model for the iPhone's 20th anniversary in 2027, according to Bloomberg's Mark Gurman. As part of what's being described as a "major shake-up," Apple is said to be developing a design that makes more extensive use of glass – and this could point directly to the display itself. Here's the case for Apple releasing a truly all-screen iPhone with no...
maxresdefault

iPhone 17 Pro Launching Later This Year With These 12 New Features

Sunday April 13, 2025 7:52 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Subscribe to the MacRumors YouTube channel for more videos. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and ...
iOS 19 Roundup Feature

iOS 19 Will Add These New Features to Your iPhone

Tuesday April 15, 2025 7:37 am PDT by
The first iOS 19 beta is less than two months away, and there are already a handful of new features that are expected with the update. Apple should release the first iOS 19 beta to developers immediately following the WWDC 2025 keynote, which is scheduled for Monday, June 9. Following beta testing, the update should be released to the general public in September. Below, we recap the key...
CarPlay Hero

Apple Releases Wireless CarPlay Fix

Wednesday April 16, 2025 11:28 am PDT by
If you have been experiencing issues with wireless CarPlay in your vehicle lately, it was likely due to a software bug that has now been fixed. Apple released iOS 18.4.1 today, and the update's release notes say it "addresses a rare issue that prevents wireless CarPlay connection in certain vehicles." If wireless CarPlay was acting up for you, updating your iPhone to iOS 18.4.1 should...
iphone 16 pro models 1

17 Reasons to Wait for the iPhone 17

Thursday April 17, 2025 4:12 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we often get rumored features months ahead of launch. The iPhone 17 series is no different, and we already have a good idea of what to expect from Apple's 2025 smartphone lineup. If you skipped the iPhone...
Apple 2025 Thumb 1

10 Products Still Coming From Apple in 2025

Friday April 11, 2025 4:14 pm PDT by
Apple may have updated several iPads and Macs late last year and early this year, but there are still multiple new devices that we're looking forward to seeing in 2025. Most will come in September or October, but there could be a few surprises before then. We've rounded up a list of everything that we're still waiting to see from Apple in 2025. iPhone 17, 17 Air, and 17 Pro - We get...
iOS 18

Apple Releases iOS 18.4.1 With Bug Fixes

Wednesday April 16, 2025 10:11 am PDT by
Apple today released iOS 18.4.1 and iPadOS 18.4.1, minor updates to the iOS 18 and iPadOS 18 operating systems that came out last September. iOS 18.4.1 and iPadOS 18.4.1 come two weeks after the launch of iOS 18.4 and iPadOS 18.4. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. There have been complaints about ...
AirPods Pro 3 Mock Feature

AirPods Pro 3 Just Months Away – Here's What We Know

Friday April 18, 2025 5:16 am PDT by
Despite being more than two years old, Apple's AirPods Pro 2 still dominate the premium wireless‑earbud space, thanks to a potent mix of top‑tier audio, class‑leading noise cancellation, and Apple's habit of delivering major new features through software updates. With AirPods Pro 3 widely expected to arrive in 2025, prospective buyers now face a familiar dilemma: snap up the proven...
iPhone 6s MacRumors YouTube

Apple Says These Products Are Now Vintage

Tuesday April 15, 2025 9:53 am PDT by
Apple today updated its vintage products list to add the 2018 Mac mini and the iPhone 6s, devices that will get more limited service and repairs now that they are considered vintage. The iPhone 6s initially launched in 2015, but Apple kept it around as a low-cost device until 2018, which is why it is only now being added to the vintage list. The iPhone 6s had Apple's A9 chip, and it was...