A group of hackers is threatening to wipe data from millions of Apple devices in two weeks if the company doesn’t pay them $150,000.

The group, which calls itself Turkish Crime Family, claims to have login credentials for more than 627 million icloud.com, me.com and mac.com email addresses. These are email domains that Apple has allowed for users creating iCloud accounts over the years.

Even though the Turkish Crime Family hasn’t been in the media spotlight before, its members claim that they’ve been involved in selling stolen online databases in private circles for the past few years.

The group said via email that it has had a database of about 519 million iCloud credentials for some time, but did not attempt to sell it until now. The interest for such accounts on the black market has been low due to security measures Apple has put in place in recent years, it said.

Since announcing its plan to wipe devices associated with iCloud accounts, the group claimed that other hackers have stepped forward and shared additional account credentials with them, putting the current number it holds at over 627 million.

According to the hackers, over 220 million of these credentials have been verified to work and provide access to iCloud accounts that don’t have security measures like two-factor authentication turned on.

This was determined by testing the credentials using automated scripts and a very large number of proxy servers to avoid getting banned by Apple, the hackers said.

Initially the group asked Apple for the equivalent of $75,000 in Bitcoin or Ethereum cryptocurrency. The ransom value has been raised to $150,000 and the group intends to increase it further if Apple doesn’t pay in three days.



Source link