Apple Responds to Hack Threats, Says There Were No iCloud or Apple ID Breaches

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Mar 22, 2017.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    In response to a ransom threat in which hackers are claiming to have access to more than 600 million iCloud accounts, Apple told Fortune there have been no breaches of its systems.

    Instead, if the hackers do have access to iCloud accounts, Apple suggests previously compromised third-party services are at fault. From an Apple spokesperson:
    Apple's response follows a report from Motherboard that suggests a group of hackers known as the "Turkish Crime Family" have claimed to have access to hundreds of millions of iCloud accounts.

    [​IMG]

    The Turkish Crime Family has threatened to reset the iCloud accounts and remotely wipe victims' Apple devices if Apple does not pay $150,000 in Bitcoin or Ethereum by April 7. If Apple does not pay in three days, the group plans to increase the amount of money it is asking for.

    Originally the group was believed to have access to 300 million icloud.com, me.com, and mac.com email addresses, but that number later jumped to 627 million due to additional hackers allegedly stepping forward to provide account credentials. The hackers say at least 220 million of the login credentials are verified to work and do not have two-factor authentication enabled.

    With Apple denying a breach, the iCloud account information has likely been obtained from major hacking incidents that have affected companies like Yahoo. iCloud users who have the same username and password that was used for both a hacked site and for iCloud should change their passwords immediately.

    The Apple spokesperson also told Fortune the company is "actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved," but did not outline what specific steps are being taken to monitor the situation beyond "standard procedure."

    Apple recommends that all iCloud users choose strong passwords, use different passwords for different sites, and turn on two-factor authentication to protect their accounts.

    Article Link: Apple Responds to Hack Threats, Says There Were No iCloud or Apple ID Breaches
     
  2. Naraxus macrumors 6502a

    Naraxus

    Joined:
    Oct 13, 2016
    #2
    Typical Apple. Blame others first then admit to fault later, if ever.
     
  3. Aml216 macrumors 6502a

    Aml216

    Joined:
    Sep 21, 2013
    Location:
    A mysterious location in the middle of nowhere
    #3
    That would explain my iPad telling me someone in west Sacramento trying to login to my account.
     
  4. Mansu944 macrumors 6502

    Joined:
    Mar 11, 2012
    #4
    But they said THEY have not been compromised.
     
  5. Watabou macrumors 68040

    Watabou

    Joined:
    Feb 10, 2008
    Location:
    United States
    #5
    How are they blaming others? They're just saying people use the same user name and passwords. There was no actual scraping of user names and passwords from iCloud database is what Apple is saying. How the heck is that Apple's fault if people use the same username/passwords?
     
  6. Carlanga macrumors 604

    Carlanga

    Joined:
    Nov 5, 2009
    #6
    I doubt these hackers are in sacramento or spoofing sacaramento
     
  7. CarlJ macrumors 68020

    CarlJ

    Joined:
    Feb 23, 2004
    Location:
    San Diego, CA, USA
    #7
    The people behind this kind of thing need to be set on fire, it's just evil behavior, whether or not they actually have the details they purport to have. I'm going to venture a guess that this, indeed, isn't a hack of Apple itself, and do simply have some password-reuse email/password combinations from other sites.

    Time to turn on 2FA, if you haven't already, and never use the same password in more than one place - get a good password manager (I like 1Password) and use it to keep long random passwords that are separate for every site.
     
  8. Kaibelf macrumors 68020

    Kaibelf

    Joined:
    Apr 29, 2009
    Location:
    Silicon Valley, CA
    #8
    Provide evidence before accusing
     
  9. solipsism macrumors 6502a

    solipsism

    Joined:
    Jan 13, 2008
    #9
    Unlikely. That was probably someone trying to login with a misspelled email address. So long as you have 2FA enabled you have very little to worry about.
     
  10. Bhatu macrumors regular

    Bhatu

    Joined:
    Apr 1, 2013
    #10
    Bitcoin is still alive? o_O
    They could have just ask for payment in form of ApplePay instead. :p
     
  11. Jacquesvw macrumors regular

    Joined:
    Sep 12, 2012
    #11
    $150k for 627M accounts is cheap, I'm sure if they really had the login details for that many accounts some intelligence agency would gladly pay for the data.
     
  12. solipsism macrumors 6502a

    solipsism

    Joined:
    Jan 13, 2008
    #12
    And once you get fully setup with unique passwords in a password manager and are comfortable with its usage, then you can start to systematically change your answers to recovery questions to random characters or dash-separated words, as well as birthdays and other account details to random values because that data is now secure and the biggest threat you have to your own identity will come from an internet-facing account.
     
  13. mejsric macrumors 6502a

    mejsric

    Joined:
    Mar 28, 2013
    #13
    Wake me up when someone is successfully login your account.
     
  14. ulyssesric macrumors regular

    ulyssesric

    Joined:
    Oct 7, 2006
    #14
    Typical hater. Blame Apple first for whatever they have or haven't done then disappear from the thread.
     
  15. wjw0111 macrumors member

    Joined:
    Aug 15, 2016
    #15
    Exactly - 2 factor is key here and everyone should be using it these days. Makes these idiot "hackers" impotent to do anything at all.
     
  16. jlo1158 macrumors member

    jlo1158

    Joined:
    Sep 5, 2014
    Location:
    West County
    #16

    "There have not been any breaches in any of Apple's systems including iCloud and Apple ID," the spokesperson said. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services."

    Sounds to me like they're blaming others.
     
  17. Shlooky, Mar 22, 2017
    Last edited: Mar 22, 2017

    Shlooky macrumors regular

    Joined:
    May 31, 2012
    #17
    It appears there may be some truth to this, I got a request recently from someone in Montreal trying to access my account.
    The moment I saw this, I immediately changed my password.
    Naturally I had dual factor authentication and they never sent another request since.

    Sigh!
     
  18. wjw0111 macrumors member

    Joined:
    Aug 15, 2016
    #18
    Well, it's not really "blame". It's just assuring that their systems have not been compromised.

    There's not a lot they can do if someone creates an account with Apple, and an account with a third-party using the same username and password. The third-party gets hacked and then the username and password are exposed.

    How exactly is Apple supposed to protect against that sort of attack? 2 factor authentication? Oh right... they already have that available...
     
  19. Nermal Moderator

    Nermal

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
    #19
    Apple's geolocation seems to be really unreliable - when I log in legitimately, it tells me that someone's tried to log in from a completely different part of the country.
     
  20. pdaholic macrumors 65816

    pdaholic

    Joined:
    Jun 22, 2011
  21. Relentless Power macrumors Core

    Relentless Power

    Joined:
    Jul 12, 2016
    #21
    Good to hear Apple confirmed no personal informational was breached over this.
     
  22. iGeek2014 macrumors 68000

    Joined:
    Jun 29, 2014
    Location:
    === Nowheresville ===
    #22
    Same here.

    Always tells me it's been accessed from London (when I'm using 2FA) even though I'm in the middle of the UK.
     
  23. Lillith Phantomhive macrumors newbie

    Lillith Phantomhive

    Joined:
    Mar 22, 2017
    #23
    I live in Sac and I got spoofed.
     
  24. dampfnudel macrumors 68030

    Joined:
    Aug 14, 2010
    Location:
    Brooklyn, NY
    #24
    I've used 2 factor for a while now and not just Apple. I tried to recommend it to a few people I know, but some of them told me it's too much trouble. Some people have to learn a lesson.
     
  25. Aleco macrumors regular

    Joined:
    Aug 7, 2009
    #25
    Would explain this phishing attempt... But I'm not trying to deal with this, I turned on two-factor earlier today.

    [​IMG]
     

Share This Page