Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Hackers Claim Access to 300 Million iCloud Accounts, Say Apple Refused to Pay $75,000 Ransom
- Thread starter MacRumors
- Start date
- Sort by reaction score
No. Don't blame "People." And if that's your argument, then Of course we can always put the blame on people when any issues/incidents arise. The issue is updating the infrastructure by being dynamic, perhaps not in this exact situation, because we don't if it's accurate. The solution is making sure security is ever changing by not being stagnant, providing a multitude of era's to scramble and distort one's personal data from being obtained. And if the security is breached, then what fail safes does the victim have to safe guard themselves. Period.
Ignorance comes through not utilizing security features when they are at your fingertips. In my opinion, Apple has some of the best security features available with Two-Step and alpha-numeric.
And who is responsible for all these security measures? Cats? Dogs? Fish?
**** only $75K, if you are going to try some extortion techniques maybe ask for a larger amount. Please someone tell the Turkish Crime Family that it isn't a lot of money these days.
[doublepost=1490198070][/doublepost]
Damn I took too long to look for the image and you beat me to it.
Careful, I posted a meme the other day and the mods notified me and banned my post. I wasn't trolling or anything but just a heads up.
How dumb are you to ask for gift cards?
*Hands gift cards over to hackers*
Week later
Hey Phil, did you delete all those gift card serial numbers?
Working on it now, Tim.
*Hands gift cards over to hackers*
Week later
Hey Phil, did you delete all those gift card serial numbers?
Working on it now, Tim.
They probably went for 75K because they though Apple wouldn't sniff at paying that to make sure this goes away ... pocket change. Also, asking for such a small amount that would likely be paid stinks of the perp not having the balls to do anything with this data.
The thing is, once you start paying ransoms you'll be paying them forever. It is best to just never pay that first one, let whatever is going to happen, happen, and then the criminal world will know you don't pay ransoms so they won't be likely to try again or they'll pick another target.
Strangely enough, I got an automated call this morning, asking me to call a number (which they claim it's Apple's customer service). I think this might be real deal. I called Apple to make sure this wasn't the real Apple. But I'm kind of worried that someone knows my number and knows that I have an iPhone
Might be a good time to:
1) Make sure you have your own independent backup of all your data in iCloud. You should do this regardless of hacker threats.
2) Change your Apple ID password.
3) Check your signed-in devices list for any devices you don't recognize, and remove them.
4) For the love of whatever deity you believe in, enable two-factor authentication. C'mon, people.
So if the hacker got access to 300m accounts then wouldn't this be a hack from the backend rather than a password hack. Your idea is right and everyone who knows how to do this should do it but such a mega hack cannot be a password hack.
How long til it's cheaper just deal with the hackers in cyberpunk style? I've heard $100k in Bitcoin buys other "services" too on the DarkWeb. In pretty much any country you want. Hope the hackers can buy their way out of that. Go capitalism.
I mean with $100 BILLION in offshore, tax haven banks, that don't look to closely at actual drugs, weapons, and human laundering to very bad people, that's more money for black-cyberpunk-ops than most governments of the world have available for legal police spending. Facebook, Microsoft etc all have similar amounts offshore too. Don't hold them up for "anonymous" $100k, m'kay.
I think some company should float a fake news rumor they did this just to scare the hell out of hackers messing with millions of people's stuff?
I mean with $100 BILLION in offshore, tax haven banks, that don't look to closely at actual drugs, weapons, and human laundering to very bad people, that's more money for black-cyberpunk-ops than most governments of the world have available for legal police spending. Facebook, Microsoft etc all have similar amounts offshore too. Don't hold them up for "anonymous" $100k, m'kay.
I think some company should float a fake news rumor they did this just to scare the hell out of hackers messing with millions of people's stuff?
Only thing this would do to me is erase my iMessage history. Everything else I have backups of. I don't use iCloud or any Cloud service to store sensitive info.
If you write off a threat to account security like this, you're no better than a person who hasn't yet turned on all the extra security features that are provided (2FA, etc). People need to get the word out to friends/relatives and get them secured. Just leave out the "I think it is bunk part" and they'll be better off than they were.
This was a successful phishing expedition not a server breach, IMO. If it did come down from a server breach, $75,000 was a dirt cheap price to cover it up. There probably aren't really 300 million compromised accounts, but truth is probably in the middle of a few hundred thousand minimum and 10 or so million.
$75,000 isn't a lot to some people or a company like Apple, but in some countries that can set you up pretty good compared to the average population and not be enough that it's hard to move or use. Once you get enough cash moving, it is dirt simple to trace and draws a lot of attention at each step. $75K is enough to start a much bigger and more successful campaign as well as a good opportunity to find people in banking and law enforcement that are willing to work with you without a large time penalty if you get caught. (You prove you can get money, they prove they can clean and cover it and find out how much that will cost you.) $75K hides nicely in the midst of normal overseas business transactions.
The only part of their plan that was stupid really was picking Apple as the mark. Apple is much less likely to pay up that tiny amount than some mid-sized retail chain who doesn't want to be included in the latest "This retailer has just been hacked" headline. ...maybe they already worked through a couple of those? who knows.
This was a successful phishing expedition not a server breach, IMO. If it did come down from a server breach, $75,000 was a dirt cheap price to cover it up. There probably aren't really 300 million compromised accounts, but truth is probably in the middle of a few hundred thousand minimum and 10 or so million.
$75,000 isn't a lot to some people or a company like Apple, but in some countries that can set you up pretty good compared to the average population and not be enough that it's hard to move or use. Once you get enough cash moving, it is dirt simple to trace and draws a lot of attention at each step. $75K is enough to start a much bigger and more successful campaign as well as a good opportunity to find people in banking and law enforcement that are willing to work with you without a large time penalty if you get caught. (You prove you can get money, they prove they can clean and cover it and find out how much that will cost you.) $75K hides nicely in the midst of normal overseas business transactions.
The only part of their plan that was stupid really was picking Apple as the mark. Apple is much less likely to pay up that tiny amount than some mid-sized retail chain who doesn't want to be included in the latest "This retailer has just been hacked" headline. ...maybe they already worked through a couple of those? who knows.
Last edited:
Hopefully they have access to my dad's account b/c every time I try to help him with something, he doesn't have access as he doesn't know his PW. I would hope SOMEONE can get into his account at this point...
Apple NEVER calls customers about their Apple ID account unless it has been pre-scheduled via the Apple website or Retail store. Anything else is a scam. Trust me.
Sign into icloud.com, click on "Settings", and it's right near the top of that screen -- "My Devices".
Read the stories closer... These guys haven't claimed to have hacked Apple. They're saying they have access to icloud accounts. Most likely through phishing scams. What they're threatening to do is log in to these accounts and remotely wipe the owner's iPhone(s) and delete any backups.
Well, they could know something; or, more likely, they could just be phishing. It's a pretty good bet that if people with nefarious intentions robodial a bunch of numbers in the U.S., probably at least 40% of the people they call will have Apple IDs. If they get even 1% of those people to call back, they can wreak havoc on the lives of that 1% -- particularly if that 1% has iPhones, which most of them probably do.
Not trying to be mean, but anyone who has an iPhone and puts your number into the number field in iMessage can figure out if you have an iPhone or not (iMessage turns blue rather than green).
That kid in the basement better be careful what he's getting into.
There are no Mom cooked meals or video games to play with, behind prison bars.
There are no Mom cooked meals or video games to play with, behind prison bars.
It'll be fine. It just depends on the context and whether someone misinterprets it as trolling. Got one last week but I'm not going to argue.
The problem is, the hackers wouldn't use these gift cards to download music, but to sell them to unsuspecting victims.