HACKERS who claim to have control of at least 200 million iCloud accounts have issued a public demand to Apple: pay ransom or we wipe them all.
The hacking group calling itself the Turkish Crime Family has provided video evidence of its claims to the tech site Motherboard, with a demand to Apple that it pay the ransom or face the consequences.
The hackers have listed the price of the ransom as either US$75,000 ransom in Bitcoin or US$100,000 in iTunes gift cards.
While the demands seem both outlandish and alarming, Motherboard confirms it has seen screenshots of emails appearing to be communications between the hackers and Apple’s security team.
200 Million iCloud accounts will be factory reset on April 7 2017
— Turkish Crime Family (@turkcrimefamily) March 21, 2017
The hackers also have shown off video which appears to demonstrate how they can log into the compromised accounts.
Apple has not commented on the report.
Without confirmation from Apple, it is difficult to verify the claims of the hackers.
There are also some discrepancies in their story. One account from the hackers says it has access to 200 million accounts, another says 300 million and a third says 559 million.
The hackers have given Apple an April 7 deadline before it performs a factory reset on the accounts, wiping all of their data.
Tyler Moffitt, senior threat research analyst with Webroot, said the threat illustrates that every company was vulnerable to attack no matter how reputable or confident it was with its security.
“Unless there are adequate backup policies in place, I have no doubt that ransom will be paid, regardless of what Apple publicly claims,” Mr Moffitt said.
“There is a high chance of this data eventually appearing on the dark net.”
Security analysts said Apple users should consider changing their iCloud passwords to prevent unauthorised people having access to their accounts.
Chris Roberts, chief security architect at threat detection and defense solutions firm Acalvio, said consumers should be concerned if the hackers claims were true.
“If, and it’s a big if, they have the data then yes, consumers should be concerned. They need to be ready for another round of password resets and hopefully some two-factor authentication discussions,” Mr Roberst said.
“If, and again it’s an if, they have access to that volume of accounts, they will have already harvested anything good out of them therefore it sucks.
However, once again, data is out in the wild.
“Finally, if this is real, then what the heck is Apple doing with security? And why the heck are they not putting anything official out?”