New statements from Apple make it clear that they do not believe a hacker , or group of hackers , breached any of their systems . This comes after a recent report from Motherboard that a hacker gang called the `` Turkish Crime Family '' is threatening to remotely wipe up to 559 million iPhones by April 7 . The hackers claim they hold an alleged cache of stolen accounts , and their goal is to shake down Attack.Ransom the big Apple for $ 75,000 in Bitcoin or Ethereum cryptocurrency . Alternatively , in lieu of those options , they will even accept Attack.Ransom $ 100,000 in iTunes gift cards ( a potentially risky option for them ) . Apple responded to the allegation that the hackers breached Attack.Databreach its systems , assuring their systems were not compromised Attack.Databreach , but did not confirm if the hackers do in fact hold Attack.Databreach an entire collection of Apple IDs and passwords . Whatever information they do have , probably came from previously comprised third-parties . `` If the list is legitimate , it was not obtained Attack.Databreach through any hack Attack.Databreach of Apple , '' an Apple spokesperson told Fortune in an email . `` There have not been any breaches Attack.Databreach in any of Apple 's systems including iCloud and Apple ID . '' Even if the data did n't come from an Apple breach Attack.Databreach , it could still mean your iCloud login details are out there . Fortune suggested that the logins could be from the LinkedIn hack Attack.Databreach , in which login info from 117 million accounts was sold on the black market site `` The Real Deal . '' Though , if the Turkish Crime Family really has 559 million accounts , well , a mere fraction of the 117 million from LinkedIn does n't really cut it . The hackers have been sending login information to media companies in an effort to gather attention to their scam . For example , The Next Web received a small fraction of the alleged data from the hackers , and cross-referenced the info with the site Have I Been Pwned , which checks to see if your email or username has been compromised Attack.Databreach in a hack . Most of the samples provided to TNW do n't appear to have been involved in the LinkedIn hack or other hacks in the Pwned database , but TNW was able to access Attack.Databreach the accounts with the login information provided by the hackers , so the info looks legitimate . They ca n't test every login , so the small sample may not be indicative of the whole . The Turkish Crime Family also noted to TNW that all conversations with Apple were actually kept private and never reported to Motherboard . Instead , the conversation between the Turkish Crime Family and Motherboard were led by a member that has now been removed for his `` inaccuracy '' and `` lack of professionalism , '' an the group denies the authenticity of Motherboard 's report . Overall , the hacking team seems to have a hard time sticking to one story . Now , the hacker group is confirming Apple 's statement that its systems have not been breached Attack.Databreach , and that the stolen data was obtained Attack.Databreach through previously compromised systems over the last five years . The Turkish Crime Family is , in fact , not contradicting Apple . They did not breach Attack.Databreach the company , nor did they ever state to Motherboard that they stole Attack.Databreach the info directly from Apple . Rather , after Motherboard 's breaking March 21 report , a breach was assumed by some news outlets such as BGR , though most media sites never directly stated that the hackers breached Apple . The Turkish Crime Family 's initial response to Motherboard , and the group 's only statement , was to extort Attack.Ransom Apple over an alleged cache of iCloud and other Apple email accounts . The group never stated where their cache of data came from until today when they contacted TNW in response to Apple .

Science Inc. , the company behind the popular online poll creation app Wishbone , has suffered a data breach Attack.Databreach . As a consequence , personal and account information of over 2.2 million of the app ’ s users is being circulated Attack.Databreach on underground forums . The compromised records include names , usernames , email addresses and telephone numbers of the users , but also their gender and birth date ( if they chose to share that info when they set up the account ) . According to Troy Hunt , who received a copy of the compromised MongoDB database , 2,326,452 full names , 2,247,314 unique email addresses , and 287,502 cellphone numbers were included . Most importantly , the great majority of Wishbone users are teenagers and young adults , and predominantly female . “ I ’ d be worried about the potential for kids to abuse the data , ” Hunt told Motherboard . “ There ’ s a lot of young people in there and finding , say , young females and being able to contact them by phone is a worry ” . Not only that , but the data could be used to ferret out additional information about these persons , either via phishing Attack.Phishing or by searching the Internet for unsecured social media accounts that can be tied to them . Armed with all this information , fraudsters could easily perpetrate identity theft schemes . And perhaps the stolen data has already been misused . Hunt say that the data breach Attack.Databreach dates back to August 2016 , but according to the notification letter the Wishbone team sent out , they “ became aware that unknown individuals may have had access Attack.Databreach to an API without authorization and were able to obtain Attack.Databreach account information of its users ” only on March 14 , 2017 . Since then , they “ rectified Vulnerability-related.PatchVulnerability ” the vulnerability that allowed the information to be slurped Attack.Databreach by the attackers , and are now advising users to consider changing their passwords ( even though they have not been compromised Attack.Databreach in the incident Attack.Databreach ) .

Cyber attacks are becoming commonplace in 2017 and the most recent one might be a credit card breach Attack.Databreach which hit the popular retail chain Kmart , reported first on May 16 , but only confirmed by parent company Sears Holding on Wednesday . `` Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls . Once aware of the new malicious code , we quickly removed it and contained the event . We are confident that our customers can safely use their credit and debit cards in our retail stores , '' Howard Riefs , a spokesman for Sears Holding , said in a statement to Patch . The company further explained the risk to its customers . “ Based on the forensic investigation , NO PERSONAL identifying information ( including names , addresses , social security numbers , and email addresses ) was obtained Attack.Databreach by those criminally responsible . However , we believe certain credit card numbers have been compromised Attack.Databreach . Nevertheless , in light of our EMV compliant point of sale systems , which rolled out last year , we believe the exposure Attack.Databreach to cardholder data that can be used to create counterfeit cards is limited , '' it said . The breach was first reported by security website Krebs on Security on May 16 . Many small banks and credit unions received complaints about batches of stolen cards , all of which had been used at Kmart locations . The company didn ’ t reveal which of its 735 locations were hit , but did say how the breach occurred . The company ’ s systems were hit with a malware designed to steal Attack.Databreach credit card data from point-of-sale devices installed at kiosks . The malware copies Attack.Databreach credit card information from the card ’ s magnetic strip , when the cards are swiped at payment kiosks . Using this information , the cards can be cloned and purchases made using these clones would be debited from the credit card user ’ s account . This not the first time Kmart suffered such a breach . The retail chain had a similar breach Attack.Databreach in 2014 and had also claimed at the time the stolen data did not include customer names , emails addresses and personal information . `` We are actively enhancing our defenses in light of this new form of malware . Data security is of critical importance to our company , and we continuously review and improve the safeguards that protect our data in response to changing technology and new threats , '' it said . It was however confirmed the breach Attack.Databreach did not target all Kmart locations , in which case credit card companies would have themselves issued warnings to customers against using their cards at retail stores . Sears Holdings has set up a helpline for customers who might be affected by the breach . If you think you are one of them , you can call 888-488-5978 to get your queries answered .

GameStop customers received breach Attack.Databreach notification warnings this week , cautioning them that their personal and financial information could have been compromised Attack.Databreach nine months ago . According to postal letters sent to customers , GameStop said an undisclosed number of online customers had their credit card or bankcard data stolen Attack.Databreach , including the card numbers , expiration dates , names , addresses and the three-digit card verification values ( CVV2 ) . The breach Attack.Databreach occurred between Aug 10 , 2016 to Feb 9 , 2017 , according to GameStop . In April , the company publicly acknowledged the breach . But , it wasn ’ t until last week that affected customers were individually notified that their cards were likely stolen Attack.Databreach . “ I ’ m pretty upset at GameStop . I should have been notified when they knew about it in April , ” said GameStop customer Ryan Duff , a former cyber operations tactician at U.S. Cyber Command . As a security professional , he said he expected better of GameStop when it came to notifying him of a possible breach Attack.Databreach of his credit card information . Subsequently , Duff said , the card used on GameStop.com back in November had been compromised Attack.Databreach , according to his bank . “ There is no way it should have taken months to be notified , ” he said . Breach notification laws differ from state to state . But many states , such as Massachusetts , mandate victims be notified “ as soon as practicable and without unreasonable delay ” or the company may face civil penalties . The rules are there , in part , to allow for consumers to freeze accounts and avoid paying fees associated with having their card stolen . “ After receiving a report that data from payment card used on www.GameStop.com may have been obtained Attack.Databreach by unauthorized individuals , we immediately began an investigation and hired a leading cybersecurity firm to assist us , ” wrote J. Paul Raines , chief executive officer of GameStop in a letter dated June 2 that was sent sent to impacted customers . “ Although the investigation did not identify evidence of unauthorized access Attack.Databreach to payment card data , we determined on April 18 , 2017 that the potential for what to have occurred existed for certain transactions , ” he wrote . GameStop operates 7,500 retail stores and its consumer product network online includes GameStop.com , game site Kongregate.com and online retailer ThinkGeek . No retail customers were impacted by the breach , according to the company . “ GameStop identified and addressed a potential security incident that was related to transactions made on GameStop ’ s website during a specific period of time , ” the company said in a statement provided to Threatpost . “ GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take. ” Still unknown about the breach Attack.Databreach are how many customers may have been impacted , how was the data stolen Attack.Databreach and how was GameStop alerted to the fact the data had been stolen Attack.Databreach . In April , GameStop issued the statement : “ GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website. ” Krebs on Security reported in April that GameStop had received an alert from a credit card processor stating that its website was potentially comprised . Originally , it was believed that the breach Attack.Databreach involved GameStop retail stores and that the company ’ s point-of-sale system may have been infected with malware . That was because the breach Attack.Databreach occurred at the height of the holiday sales season and that stolen data included card verification values ( CVV2 ) . Online merchants are not supposed to store CVV2 codes on their e-commerce sites . However , since GameStop said no retail customers were impacted , it is now believed that GameStop.com was hacked and that the data was stolen Attack.Databreach through the use of malware . Over the past 12 months , there has been an unprecedented number of data breaches Attack.Databreach . Some of those impacted have been ecommerce sites running vulnerable versions of Magento and WordPress and ecommerce platforms Powerfront CMS and OpenCart . Criminals have used a number of techniques to siphon Attack.Databreach off credit card data from these sites ranging from compromised ecommerce plugins that can perform reflected XSS ( cross-site scripting ) attacks , web-based keyloggers , and DOM-based XSS attacks . Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script .

Officials based at the City of Del Rio , in Texas , were forced to abandon electronic services and switch to pen and paper after a ransomware attack Attack.Ransom effectively closed down City Hall servers . City representatives disclosed the cyberattack last week . The city was struck Attack.Ransom by the ransomware on Thursday , leading to all servers being disabled to prevent further spread . Del Rio 's Management Information Services ( MIS ) department then attempted to isolate the malware by turning off all Internet connections for other city departments . In turn , this prevented any members of staff from logging into government systems . As a result , employees of each department were forced to use pen and paper in their work and go back to manual entry for transactions taking place -- as and when they could considering there was no access to historical records -- while the ransomware was contained . City officials have informed the FBI of the cyberattack and the Secret Service has now become involved in attempts to find out who is responsible . It is not known at present who is behind the ransomware , what kind of malware is at fault , or whether or not any personal data has been compromised Attack.Databreach . The Texan city has also not revealed how much the ransomware demanded in payment Attack.Ransom , as is usually the case with this particular form of malware . Ransoms Attack.Ransom are usually requested in return for a decryption key -- which may or may not work -- in order to unlock encrypted systems and restore access . However , a Del Rio City Hall spokeswoman did reveal that the malware is somewhat unusual , as the ransom note posted to roughly 30 - 45 PCs contained a phone number to be used to pay the blackmail Attack.Ransom fee . Most of the time , a note will be posted on a landing page containing instructions for paying ransom Attack.Ransom in cryptocurrency and victims will be given a wallet address , rather than a means to directly call the malware 's operator . `` The City is diligently working on finding the best solution to resolve this situation and restore the system , '' an official statement reads . `` We ask the public to be patient with us as we may be slower in processing requests at this time . ''