Hackers Threaten Apple to Remotely Wipe Millions of iPhones If the Company Doesn’t Pay Ransom


Hackers are apparently threatening Apple over a massive trove of stolen accounts, including iCloud and other Apple email accounts. Identifying itself as "Turkish Crime Family," the group is trying to extort the Cupertino tech giant to pay money if the company doesn't want hackers to wipe out data of the millions of accounts they allegedly have access to.

Today's story comes only a week after hackers leaked a large trove of stolen celebrity nude photos, which were also stored in iCloud. So far, there is no evidence to suggest if this is the same group.

Attackers Are Exploiting an Apple iTunes Zero-Day Bug to Install Ransomware on Windows Machines

Apple hackers blackmail the company over stolen photos and credentials

"I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing,” a member of Turkish Crime Family told Motherboard, the first publication to report the story. Motherboard added that the group has also shared screenshots of their communication with the Apple security team, along with giving the publication access to the email address they used to contact the tech company.

Apple hackers are trying to make the company pay over $75,000 in cryptocurrencies, Bitcoin or Ethereum. They are, however, also willing to settle for $100,000 worth of iTunes gift cards in exchange for deleting the cache of stolen data.

"Are you willing to share a sample of the data set?" an unnamed member of Apple's security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the @apple.com domain).

Their communication with Apple also suggests that the attackers have provided Apple’s team with a YouTube video that shows one of the Turkish Crime Family members allegedly logging into the account of an elderly woman's iCloud account, with backed-up photos and the ability to remotely wipe all content from the device.

"We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it's seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law," a message allegedly from a member of Apple's security team reads. (Motherboard only saw a screenshot of this message, and not the original). The alleged Apple team member then says archived communications with the hacker will be sent to the authorities.

Apple hackers have claimed to have access to over 300 million Apple accounts. However, there do appear to be some inconsistencies in their story, as another member of the collective said a total of 559 million accounts have been breached. The group also hasn't provided access to any allegedly stolen iCloud accounts to the publication to verify their claim - a norm when hackers are trying to make a point.

While Apple does offer highly rewarding bug bounties, its policy is against rewarding criminals with any compensation. The iCloud hackers are threatening that if the company doesn't comply with their demands by April 7, they will reset iCloud accounts and remotely wipe victims' devices.

We have reached out to Apple for a comment on these claims and will update this story when we hear back.