The hackers, said to be a London-based group called the “Turkish Crime Family,” have threatened to reset passwords and remotely wipe the iPhones of millions of iCloud users if Apple fails to hand over a total of US$700,000. They have given the company an ultimatum to respond by April 7.
Apple allegedly has denied that the group succeeded in hacking its systems, maintaining that it obtained the email addresses and passwords from earlier compromised third-party services. Apple is working with law enforcement on the threats.
The data set in the iCloud hack matches the data found in the 2012 hack of 117 million accounts on LinkedIn, according to some published reports.
However, the group provided 54 credentials to the publication, which were verified as authentic based on a check of the password reset function.
Most of the accounts were outdated, but 10 people did confirm to the publication that the obtained passwords were legitimate and that they since had changed them. Those 10 people were living in the UK, and had UK mobile numbers.
Trend Micro is urging iCloud users to protect their accounts by using two-factor authentication, and also to use a password manager.
A password manager helps users create unique passwords for every account and stores them remotely so that hackers cannot access one or two accounts and thereby gain access to many more.