A group of hackers calling themselves the ‘Turkish Crime Family’ claim to have access to a large number of Apple email accounts and are holding them ransom for $75,000 in Bitcoin or Ethereum.
According to a recent article by Motherboard, who had contact with the group, the hackers uploaded a YouTube video of them logging into some of the accounts. In the video an elderly woman’s account was accessed, which contained backed up photos and the ability to wipe all data from the account.
"We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it's seeking unwanted attention,” reads an alleged message from a member of Apple’s security team.
“Second of all we would like you to know that we do not reward cyber criminals for breaking the law."
The story given by the hackers is inconsistent. Two different members of the hacker group have given different information regarding the number of accounts in their possession. One member says they have 300 million, while another claims that they have compromised 559 million accounts.
Two experts from Webroot Cybersecurity spoke on the claims made by the hackers. Tyler Moffitt, senior threat research analyst at Webroot outlined the issue.
“This issue illustrates that no matter how reputable or confident a company is with their security policies, they are still vulnerable and at risk at all times,” says Moffitt.
“Unless there are adequate backup policies in place, I have no doubt that ransom will be paid, regardless of what Apple publicly claims. There is a high chance of this data eventually appearing on the darknet.”
David Dufour, senior director of engineering & cyber security at Webroot suggests Apple users err on the side of caution.
“First, if you still have access to your data, back it up to a DVD, USB or some other offline source. Second, change your password. This should prevent the cyber criminals from gaining access to your account and deleting the data,” says Dufour.
“This assumes they don't still have access to the backend systems. If you can't access your account or data contact Apple immediately.”
While the credibility of the threat is largely unknown, it is may be wise to exercise caution when it comes to cyber security. Changing passwords and updating security information is recommended for Apple customers.