Rumor has it that a gang of hackers—or possibly, one lonesome individual—holds the power to remotely wipe millions of iPhones and iCloud accounts, unless Apple coughs up some ransom money by April 7.
The gang calls themselves the "Turkish Crime Family," and they're demanding $75,000 in Bitcoin or Ethereum cryptocurrency. In a bizarre twist, they're also willing to accept $100,000 in iTunes gift cards as an alternative form of payment, despite the obvious concern that Apple would easily be able to track this. In return, the hacker group would delete their entire collection of compromising data.
According to Motherboard, a hacker has been quoted as saying:
I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing.
Apparently, one of the hackers shared screenshots of emails exchanged between the group and Apple, and then gave Motherboard's Joseph Cox access to the email account as proof.
The hackers claim to have over 300 million Apple email accounts, including ones with @icloud and @me domains. Later on, though, another hacker from the group claimed that they actually have 559 million accounts. The only other proof they provided was a YouTube video of the hackers allegedly logging into an elderly woman's stolen iCloud account to view backed-up photos, then wiping her device, but this video has since been removed.
Lending to the credibility of the hackers' claims, though, Apple is stated to have asked the hacker group to remove the video from YouTube:
We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it's seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law.
Cox also states that he read other emails in their account, and that it appeared the hackers have tried to approach many different media outlets to get more attention, possibly to help their extortion efforts.
Now, we don't know how true the Turkish Crime Family's claims are, but this is a good time to remind you to frequently change your passwords. Make them strong and unique, people! No names, birthdays, 123s, or whatnot.
Hot for Security even suggests you enable two-factor authentication, which is a big help for overall account security. To do this, go to Settings on your iPhone, select "iCloud," then tap your Apple ID and choose "Password & Security." Then, tap "Turn on Two-Factor Authentication" and follow the prompts. This will ensure that no one can log into your iCloud account unless they have physical access to your device—even if they've hacked your password.
Such threats from hacker groups are certainly not unheard of, and some have even been successful. In 2016, LinkedIn was attacked by a group of hackers who sold 117 million email and bank accounts via a black market site called "The Real Deal." This year, an Austrian hotel's key cards were hijacked by a group who used the virus Ransomware to lock guests out of their rooms, then demanded to be paid through Bitcoin.