Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Hackers Claim Access to 300 Million iCloud Accounts, Say Apple Refused to Pay $75,000 Ransom
- Thread starter MacRumors
- Start date
- Sort by reaction score
Just shows once again that annoying elaborate passwords on personal devices are just to make people feel special. Real hackers simply attack banks, etc that supposedly have ultra protection and staffs of people to prevent this. Lets just move onto full use of finger print, retina scans, etc and end this foolishness. It could always be an option to use passwords as well.
Today I have been getting multiple prompts on my iPhone to enter my appleID. Once I did, it asked for my TFA recovery key... I also later in the day got a phishing email that was obviously fake and I forwarded to Apple. I wonder if I'm one of those accounts. Seriously, very happy to have turned on Tfa.
Wait, WHAT! Let me TRY 
to understand this - they either want $75, 000 OR $100,000 worth of iTunes cards..... Aaaaahahahaha.................. Hehehhehehe....... How old are these jack-asses? 25 going on 12? First, that amount is REALLY, SAD! AT least learn from the pro and ask for {at least} a million AND forget about iTunes cards, rather silly. I HIGH doubt they actually hacked iCloud.com
to understand this - they either want $75, 000 OR $100,000 worth of iTunes cards..... Aaaaahahahaha.................. Hehehhehehe....... How old are these jack-asses? 25 going on 12? First, that amount is REALLY, SAD! AT least learn from the pro and ask for {at least} a million AND forget about iTunes cards, rather silly. I HIGH doubt they actually hacked iCloud.com
Thank you! I checked and no "suspected" device listed. I better keep an eye on this for next few days. Should be very interesting.
EDIT: What if they have the ability to "hide" their "suspected" device off from the device listing? Anything can happen...
A single hacker or group of hackers who have identified themselves as the "Turkish Crime Family" allegedly have access to at least 300 million iCloud accounts, but they are willing to delete the alleged cache of data if Apple pays a ransom by early next month, according to a report from Motherboard.
The hackers have allegedly demanded $75,000 to be paid in cryptocurrencies Bitcoin or Ethereum, or $100,000 worth of iTunes gift cards, by April 7, or they will reset a number of the iCloud accounts and remotely wipe victims' Apple devices. The email accounts are said to include @icloud.com, @me.com, and @mac.com addresses.
The report said that the hackers "provided screenshots of alleged emails between the group and members of Apple's security team," while the hackers also shared an unlinked YouTube video that seemingly shows proof of them accessing "an elderly woman's iCloud account" and "the ability to remotely wipe the device."
If the screenshotted email is accurate, which it very well might not be, a member of Apple's security team turned down the ransom, noting that Apple does "not reward cyber criminals for breaking the law."Apple did apparently request to see a sample of the dataset, according to the report, but it is unclear if the hackers obliged.
"I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing," one of the hackers said.
The report should be treated with a healthy dose of skepticism, as these allegations could be untrue, and Apple has yet to confirm or comment on the matter.
Update: The group claims additional hackers have stepped forward and shared additional account credentials, putting the number of accessible iCloud accounts at over 627 million, according to security-centric website CSO Online.
Article Link: Hackers Claim Access to 300 Million iCloud Accounts, Say Apple Refused to Pay $75,000 Ransom
'We first kindly request...'???
Sorry, unless someone from Apple in India answered their email, that's not how someone in the US phrases things.
IMO, it's BS.
Look, I work in patent litigation, and to me the main difference between a troll and legitimate plaintiff is how much they're asking for and how well they can justify it.
If a plaintiff sues, asks for $14.3 million, and when asked to justify it produces good economic analysis of the technology's value, they are probably serious. They will also not generally budge too much at the initial negotiation.
If a plaintiff sues, asks for $200k, and when asked to justify it just talks about how expensive litigation is and wouldn't it just be cheaper to end it now, they are trolls. Their willingness to negotiate against themselves and give counter-offers that are half or a quarter of their original ask is also a dead give-away.
These guys are clearly trolls. If they really had access to 300 million iCloud accounts, they would be able to easily justify a much larger value. Instead, they just want to negotiate a quick and easy out price.
Did it ever occur to you that I may have a bug? I have set it up successfully for multiple individuals, and I am the only one with this issue, so get over yourself
[doublepost=1490237623][/doublepost]
I did that, and still had the issue. I agonized over trying to fix it for about two hours and have accepted my vulnerability
Either this is the worst coincidence of my life, or my account was hacked...
Basically, today after reading the hacking headline I went to check my email - it told me my account was locked for "security reasons". First time in ~8 years of having it that that's happened to me. It didn't have two-step verification either; I had no idea what that even was.
I tried to 'unlock' it by answering the additional security questions, but I forgot the answers and ended up making it worse. According to a call with customer service, I (and even Apple) can't even attempt to access my account for another 8 hours, because after a certain amount of failed answers to the security questions it apparently goes to a kind of 'stage 2' lockout.
Is there any chance that the fact it was "locked" to start with means that hackers never successfully got in? Or is it going to be something that probably only got initiated by Apple after a breach?
Moreover, I'd been receiving notifications on my Macbook and iPhone for a while now to (re) enter my iCloud details, despite the fact that those machines seemed to already be connected to iCloud. I kind of just ignored it; it was only happening on start up. I have no idea if that's relevant, but it makes me worry now as to why it was asking.
Basically, today after reading the hacking headline I went to check my email - it told me my account was locked for "security reasons". First time in ~8 years of having it that that's happened to me. It didn't have two-step verification either; I had no idea what that even was.
I tried to 'unlock' it by answering the additional security questions, but I forgot the answers and ended up making it worse. According to a call with customer service, I (and even Apple) can't even attempt to access my account for another 8 hours, because after a certain amount of failed answers to the security questions it apparently goes to a kind of 'stage 2' lockout.
Is there any chance that the fact it was "locked" to start with means that hackers never successfully got in? Or is it going to be something that probably only got initiated by Apple after a breach?
Moreover, I'd been receiving notifications on my Macbook and iPhone for a while now to (re) enter my iCloud details, despite the fact that those machines seemed to already be connected to iCloud. I kind of just ignored it; it was only happening on start up. I have no idea if that's relevant, but it makes me worry now as to why it was asking.
It looked pretty good... I can't say for sure. Like I said, I didn't see anything at first blush. I didn't click actually click on anything, but I did log in to my account and reset the password just in case.
Then Apple forces a password reset on them all and flags the accounts so when people call support they can walk through the process when they can't log in and weren't aware of the password reset.