Grandma doesn't know how to do any of that
That's why she has a grandson like you to help her.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Hackers Claim Access to 300 Million iCloud Accounts, Say Apple Refused to Pay $75,000 Ransom
- Thread starter MacRumors
- Start date
- Sort by reaction score
That's why she has a grandson like you to help her.
Hackers can't access your iPhone and erase it remotely. I think Apple can erase your device remotely if "Find My iPhone" is activated, and you tell Apple that your device was stolen or lost and should be erased. So this has to go through Apple.
So they think they can tell Apple to remotely erase 300 million iPhones. Even if they could send the individual commands to erase an iPhone, 300 million times, I would assume that after 100 requests coming from the same location Apple would stop that. The software doing the erasing is completely under Apple's control.
So what we have here is some joker trying to blag $75,000 from Apple.
So they think they can tell Apple to remotely erase 300 million iPhones. Even if they could send the individual commands to erase an iPhone, 300 million times, I would assume that after 100 requests coming from the same location Apple would stop that. The software doing the erasing is completely under Apple's control.
So what we have here is some joker trying to blag $75,000 from Apple.
Saying "do it" might have negative legal consequences. Saying "If you do it, we will use any means available to us to make you pay for any damage caused to Apple Inc or to any of its customers" might be better. And putting out a $75,000 reward for any evidence that leads to a conviction of the culprits.
Most odd, never happened to me before so I panicked a little. Thanks!Sounds like a kid bought a hacked iCloud account from the dark web and then tried to hold Apple web chat to ransom
[doublepost=1490197037][/doublepost]
No, that happens all the time, in fact far too frequently for my liking. I wish there was an option on iOS devices to not have to enter your Apple ID password for no reason what so ever on a regular basis too.
Well, that's weird! A couple of devices signed into my account, like my girlfriend's phone (so we can share some paid apps) don't show up on the icloud.com list, but DO on appleid.apple.com. I guess the latter is the better place to look.
This is likely a not true, but I changed my password anyway.
This idea of paying ransom in gift cards reminds me of the scam where people are asked to pay back taxes to the IRS in the form of Target gift cards…or giraffes, if you've got them. Tom Woods had a podcast where he recorded a conversation he had with a scammer, and it's quite hilarious. Love him, hate him, or have no idea who he is, this episode is worth listening to.
If True, sounds like the hackers are asking for a trivial amount really, and if it's true I hope that apple is not arrogant enough to ignore this. Judging from their OS updates in the last few years time , it's a matter of time thier infrastructure gets hacked.
[doublepost=1490197669][/doublepost]Step 1 . Create fake news
Step 2 . Send out bogus emails from "apple" to change password
step 3 . Profit
[doublepost=1490197669][/doublepost]Step 1 . Create fake news
Step 2 . Send out bogus emails from "apple" to change password
step 3 . Profit
But I thought iCloud WAS that independent backup that was SECURE. If it's not then I'll stop using iCloud as it's riddled with holes computer thieves can steal through. Oh wait, I don't use iCloud as I knew what was coming. So glad I didn't install my password file in the "cloud".
A couple days ago I opened a game on my iPhone and noticed I'd been signed out of Game Center. I went to sign back in and was told my account was locked. I went through the steps to verify myself, provided my unlocking code I saved a year ago, and changed my password. It's the first time that's happened to me, so there may be a grain of truth to this. 2-step verification likely thwarted a full takeover of my account.
Once logged in via iCloud.com the hackers can do the following:
Access mail, contacts, calendar, photos, iCloud Drive files, notes, reminders and find friends.
They can change passwords, add new devices of their own etc
They can remote lock or wipe any devices managed by iCloud including iPhones, iPads and Macs. Now, this would take a while to do for 300 million accounts but it would seriously piss off users. (even though its the users fault if they don't use two factor authentication to protect their accounts).
Not that hard to do....
"Hey Siri, give me the credentials for 300 million iCloud accounts"
"Hey Siri, give me the credentials for 300 million iCloud accounts"
$75,000 isn't nothing
But pretty ****** considering what they claim to have access to
That's not even 60 42mm Ceramic Apple Watch models
Last edited:
I Understand your being flippant. But If this is accurate, then it's easier to obtain than most fully understand, which is a serious issue across the board. Updating security settings is pivotal and ensuring your protected by utilizing all of Apple's security features.
My first thought also. Total amateurs, or they're bluffing. If true, Apple ain't gonne comment until they have plugged such a potentially huge security threat.
Edit: And why wouldn't they instead have gone for that Bug Bounty Award, that could've netted them more, while getting a little respect in the process, rather than possibly a waiting jail cell? Amateurs, I tell ya.
Last edited:
I wouldn't say it's easier to obtain.
The problem is people .... people wrote the code for iCloud. It's run on servers built by people, and held within data centres managed by people. The problem is that there is an ignorance that there couldn't possibly be anyone with more resource, time and skill than the people mentioned previously. Anything done by people can be undone by people.
I wonder if what they have gained access to are actual account names and password from cached data.
If this is the case, changing our passwords should work.
Or if you have two-Step authentication, you shouldn't have to worry about it.
EDIT: If you utilize the same password at other sites, you may still need to change them all!
If this is the case, changing our passwords should work.
Or if you have two-Step authentication, you shouldn't have to worry about it.
EDIT: If you utilize the same password at other sites, you may still need to change them all!
Last edited:
LOL! That was my same thought! Who is stupid enough to ask for a currency made and managed by the company your trying to hold ransom!? The hackers sure are dumb.
I have 2FA on and have for a long while. Not worried about anything. I don't believe this either. The comments don't add up. If you have access to 300 million iCloud accounts, you don't request $75,000 dollars. Lol. You go big or go home. Good try though!
Is it possible to gain access to some accounts not your own? Hell yeah. People are stupid. So I am not surprised if they have some.
Is it possible to gain access to some accounts not your own? Hell yeah. People are stupid. So I am not surprised if they have some.
I do find this story a little bit hard to believe, but it is stories like this in the future that are why I opt to do encrypted iTunes backups and only manual transfers of photos and videos. I never store anything in icloud. The only iCloud related feature I rely on is iTunes Match & purchases on my devices, and even that, I have a backup of all my media externally anyway.