Apple over alleged access to a large cache of iCloud and other Apple email accounts . The hackers , who identified themselves as 'Turkish Crime Family ' , d emanded Attack.Ransom$ 75,000 in Bitcoin or Ethereum , another increasingly popular crypto-currency , or $ 100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data . `` I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing , '' one of the hackers told Motherboard . The hackers provided screenshots of alleged emails between the group and members of Apple 's security team . One also gave Motherboard access to an email account allegedly used to communicate with Apple . `` Are you willing to share a sample of the data set ? '' an unnamed member of Apple 's security team wrote to the hackers a week ago , according to one of the emails stored in the account . The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts . The hacker appears to a ccess Attack.Databreachan elderly woman 's iCloud account , which includes backed-up photos , and the ability to remotely wipe the device . `` We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it 's seeking unwanted attention , second of all we would like you to know that we do not reward cyber criminals for breaking the law , '' a message allegedly from a member of Apple 's security team reads . The alleged Apple team member then says archived communications with the hacker will be sent to the authorities . According to one of the emails in the accessed account , the hackers claim to h ave access Attack.Databreachto over 300 million Apple email accounts , including those use @ icloud and @ me domains . However , the hackers appear to be inconsistent in their story ; one of the hackers then claimed they had 559 million accounts in all . The hackers did not provide Motherboard with any of the supposedly stolen iCloud accounts to verify this claim , except those shown in the video . By reading other emails included in the account , it appears the hackers have approached multiple media outlets . This may be in an attempt to put pressure on Apple ; hackers sometimes feed information to reporters in order to help e xtortion efforts.Attack.RansomAfter the publication of this article , an Apple spokesperson told Motherboard in an email , `` There have not b een any breaches Attack.Databreachin any of Apple 's systems including iCloud and Apple ID . The alleged list of email addresses and passwords appears to h ave been obtained Attack.Databreachfrom p reviously compromised Attack.Databreachthird-party services .
In one of the more bizarre d ata breaches Attack.Databreachto surface recently , hackers made off with 6 million accounts for CashCrate , a site where users can be paid to complete online surveys , according to a database obtained by Motherboard . In short , CashCrate connects users to companies that need people to test new products and services , or take part in daily surveys in exchange for cash . The data includes user email addresses , names , passwords , and physical addresses . Judging by timestamps in the stolen database , the earliest accounts date way back to 2006 , and come with full passwords . If a user signed up to another service with the same password , hackers could a ccess Attack.Databreachthe victim 's account on another site , as well as their CashCrate account . Accounts from mid 2010 onwards appear to have passwords hashed with the notoriously weak MD5 algorithm , meaning that hackers may be able to crack the hashes and o btain Attack.Databreachthe real login credentials . For-profit breach notification site LeakBase provided Motherboard with a copy of the CashCrate data . To verify that the data was legitimate , Motherboard attempted to create accounts with random email addresses included in the data . In every instance , this was not possible , because the email was already linked to an account on CashCrate . As an indication of CashCrate 's approach to cybersecurity , the site does not use basic web encryption , including on its login page , meaning that credentials could b e exposed Attack.Databreachto anyone in a position to i ntercept Attack.Databreachthem . `` We 're in the process of notifying all our members about the breach . While we 're still investigating the cause , at this point it appears that our third-party forum software w as compromised,Attack.Databreachwhich led to the breach . We 've deactivated it until we 're confident it 's secure , '' a CashCrate spokesperson told Motherboard in an email . `` We have also confirmed that any users who have logged in since October 2013 have passwords that are fully hashed and salted , and we 're looking into why some inactive accounts have plaintext passwords . Those will be hashed and salted immediately , '' the spokesperson added . The lesson : We all sign up to odd or random websites . If possible , it may be worth using a different email address for these more leftfield sites , or even creating dedicated addresses for each . That way , when a breach does occur , any fallout will be mitigated , and hopefully limited to only one or a few sites . That , and you should use a unique password for every site too .