After news made rounds that Apple is being extorted by a gang of cyber attackers that claim to have access to hundreds of millions of iCloud accounts, an Apple spokesperson has today issued a statement to Fortune that there has been no breach of the company’s iCloud systems.
Motherboard wrote yesterday that a group that identifies itself as “Turkish Crime Family” is extorting Apple for $75,000 in bitcoin or Ethereum crypto-currency, or $100,000 worth of iTunes cards, in exchange for around 559 million iCloud accounts that it has stolen the credentials to. They gave Apple an ultimatum of Apple 7 to make the transfer, and threatened to wipe clean the devices connected to those 559 million iCloud accounts.
“I just want my money and thought Apple customers would be interested in reading and hearing about this story”, said one of the attackers to Motherboard. They also fed information to other media sources in an attempt to pressurize Apple into complying with their demands, and a video was allegedly posted on YouTube demonstrating how they can access the stolen iCloud accounts.
However, Apple has reassured users today that even if the group has a list of iCloud credentials that it is threatening the company with, no breach had been made of the iCloud system recently, and those credentials could have come from previous third-party compromised services. What it means, simply, is that “Turkish Crime Family” could be using credentials of users that were perhaps compromised in the past, but are now fully-secure.
Their tactic of reusing previously-compromised data is not unheard of, but Apple has said that it will be handing the archived communication with the group to the authorities, and steps are being taken to prevent any mass iPhone data wipe.