Report verifies some iCloud credentials held by hacker group as valid

A hacker group attempting to hold Apple ransom with claims it has hundreds of millions of iCloud credentials in its possession recently sent a batch of 54 UK-based accounts for testing, all of which were deemed legitimate.

The self-proclaimed "Turkish Crime Family" provided ZDNet with the iCloud credential sample set in an apparent bid to bolster its extortion efforts. The publication used Apple's online password reset tool to verify the 54 accounts belonging to iCloud customers based in the UK.

According to Thursday's report, the credentials tested date back to 2000, with some user accounts bearing Apple's legacy "mac.com" domain. Other Apple IDs in the package were identified as "me.com" and "icloud.com" accounts, the latter being Apple's current cloud product offering handed out alongside new device purchases.

While the 54 accounts were valid according to Apple's database, ZDNet was only able to verify the passwords of ten individuals. As part of its verification protocol, the publication reached out to each potential victim through iMessage, and presumably email, though most were no longer tied to Apple's messaging service.

At least one person noted their confirmed password was changed about two years ago, suggesting the hacker group's data originates from a breach that occurred sometime between 2011 and 2015, the report said.

Of the ten people who confirmed the passwords provided were correct, most said they have used the same login credentials since opening their iCloud account. At least two people noted someone attempted to reset their iCloud account in the past day, while another received an unknown login notification on Twitter, the report said.

Backing up Apple's claims that its systems were not breached and any loose data can be tracked back to third-party services, most of the people whose passwords were verified said they used the same login credentials on other sites. Interestingly, three people noted the passwords confirmed by ZDNet were specific to iCloud, a fact potentially incongruous with Apple's official stance.

The Turkish Crime Family claims to have anywhere from 250 million to 599 million iCloud credentials — at least two different figures were given to media outlets by two separate members — at its disposal, and is threatening to use them to remotely wipe connected iPhones and iPads unless Apple pays up. The group is seeking $75,000 in cryptocurrencies or $100,000 in iTunes gift cards by April 7.

Apple in its response yesterday denied media reports that its servers were breached, claims later backed up by the hacker group. Some have floated the idea that some of the data stems from a 2012 LinkedIn hack, though the theory has yet to be proven.

While the source of the alleged iCloud data remains unknown, Apple is keen on quelling customer concerns. In its statement, the company said it is "actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved."

Apple went on to urge customers to use strong, unique passwords and recommended against recycling credentials across services. In addition, the company encourages users to enable two-factor authentication whenever possible.
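The two habits the report keeps returning to, reusing one password across services and keeping a password that has already leaked, can both be checked mechanically at password-change time. The block below is an added example, not code from Apple, ZDNet or the article: it screens a candidate password against a breached-password corpus using the same k-anonymity pattern the Pwned Passwords range API uses (the client reveals only the first five hex characters of the SHA-1 hash and compares suffixes locally), and it flags passwords shared between services. The corpus, the service list and the helper names (`BREACHED_PASSWORDS`, `evaluate_password`, `find_reused`) are constructed for the example.

```python
import hashlib

# Constructed stand-in for a leaked-password corpus. A real deployment would
# load a full breach list or query a range API; these four strings are invented.
BREACHED_PASSWORDS = {"password1", "qwerty123", "letmein", "iloveyou"}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form breach corpora are keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Group corpus hashes by their 5-character SHA-1 prefix.

    This mirrors a k-anonymity range lookup: the client sends only the prefix,
    the server answers with every suffix under it, and the full hash never
    leaves the client.
    """
    index = {}
    for pw in corpus:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


RANGE_INDEX = build_range_index(BREACHED_PASSWORDS)


def lookup_range(prefix: str):
    """Server side of the exchange (simulated): all suffixes under one prefix."""
    return RANGE_INDEX.get(prefix, set())


def is_breached(password: str) -> bool:
    """Client side: hash locally, send the prefix, match the suffix locally."""
    digest = sha1_hex(password)
    return digest[5:] in lookup_range(digest[:5])


def evaluate_password(password: str, min_length: int = 12) -> list:
    """Return a list of policy findings; an empty list means the password passes."""
    findings = []
    if len(password) < min_length:
        findings.append("too short")
    if is_breached(password):
        findings.append("appears in breached corpus")
    return findings


def find_reused(service_passwords: dict) -> dict:
    """Given {service: password}, return {sha1: [services]} for every password
    that is shared by two or more services. Only hashes are kept, so the
    report can be logged without exposing the passwords themselves."""
    by_hash = {}
    for service, pw in service_passwords.items():
        by_hash.setdefault(sha1_hex(pw), []).append(service)
    return {h: s for h, s in by_hash.items() if len(s) > 1}


if __name__ == "__main__":
    # Constructed sample: the same short password on two services, one unique.
    accounts = {"icloud": "letmein", "linkedin": "letmein", "bank": "a-long-unique-passphrase-2017"}
    for service, pw in accounts.items():
        print(service, evaluate_password(pw))
    print("reused:", find_reused(accounts))
```

The range index is built from a set in memory only so the example runs offline; in production the `lookup_range` call is the network request, and the important property is that the request carries the five-character prefix and nothing else. A single breach hit or a reuse finding is enough to reject the change, which is the enforcement behind the advice the statement gives.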