Apple Says Hackers Threatening To Wipe iPhones Haven’t Breached iCloud

A hacking group calling itself Turkish Crime Family has boasted to media that it has access to hundreds of millions of iCloud accounts, but Apple says that's not true.

A hacking group that appears to be London-based and calls itself the Turkish Crime Family is boasting to media outlets that it has access to hundreds of millions of iCloud accounts. It’s threatening to wipe the devices associated with them if Apple does not pay a ransom of $75,000 in Bitcoin, Ethereum, or $100,000 in iTunes gift cards by April 7, as first reported by Motherboard. But Apple denies the group’s claims and says it will not pay the ransom.

Apple said in a statement to BuzzFeed News, "There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”

“We're actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites, and turn on two-factor authentication,” Apple continued in the statement.

The veracity of the hack is in question, especially since the number of accounts the group said it had access to shifted from 300 million to 559 million during its discussion with Motherboard, and ZDNet reported 250 million accounts. Turkish Crime Family has reportedly reached out to multiple media outlets, a tactic that hacking groups sometimes use to bolster their own reputations as serious threats by gaining attention and inflating panic.

ZDNet obtained a sample — 54 accounts — of the hacked accounts and found that although all of the credentials were legitimate, only a few were unique to iCloud, meaning that some data could have been aggregated from other compromised sources instead of a direct iCloud hack. ZDnet also said that the breach could have occurred between 2011 and 2015.

Hamza Shaban contributed reporting for this article.

Skip to footer