Apple has denied that millions of iCloud accounts have been breached after a hacker group claimed it gained access to the company’s various systems.
In a statement to Fortune (opens in new tab), an Apple spokesperson said that no systems, including iCloud and Apple ID, had been hacked and that the list of email addresses and passwords the group are claiming to have “appears to have been obtained from previously compromised third-party services.“
The group calling itself the Turkish Crime Family claimed on March 21 that it had details for more than 300 million iCloud accounts and demanded that the company hand over $75,000 in Bitcoin or Ethereum, or $100,000 worth of iTunes gift cards to keep the data safe.
Fortune reports that one of the previously compromised third party services the hackers likely used to obtain the data was LinkedIn as many of the email addresses and passwords match those stolen in a 2012 hack of the site. This wouldn’t be the first time a hacker group would have used the data from this particular breach for extortion purposes either.
The group sent a YouTube video to Motherboard (opens in new tab) showing one of their members accessing an iCloud account using the stolen data where they were able to access the account’s photos and remotely wipe the user’s device.
However, it would have been easy for the group to stage this scenario and the veracity of their claims wasn’t helped by inconsistencies in reporting how many account details they’d stolen – one member claimed 300 million while another said 559 million.
Regardless, Apple has said that it’s keeping a close eye and “actively monitoring to prevent unauthorized access to user accounts.” Not only that, the company is working with law enforcement to identify the group behind the threats.
Apple also recommends that to protect themselves against these kinds of attacks customers should “always use strong passwords, not use the same passwords across sites, and turn on two-factor authentication.“