a whopping $75,000 bitcoin or ethereum ransom (or $100,000 in iTunes gift cards) it will wipe the lot. First, Apple says its systems haven’t been breached. The company told Naked Security: “There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.” So 200m accounts obtained from previously compromised third party services is OK? Obviously not, but there’s no suggestion that Apple itself is responsible for any compromised security. The Turkish Crime Family itself appears to be new on the security scene, believed to have started life in Istanbul but now resident in Green Lanes, north London, according to one report. Helpfully, the organisation has a Twitter account. Another curious facet of the alleged breach is that asking for payment in extremely traceable iTunes vouchers seems more than slightly curious; why would you not ask for something with a less clean audit trail? The group itself disputes the amount that’s been reported and blames a media relations operative (presumably the same one who put an email address for media inquiries on the Twitter profile): “This sum of $75,000 is incorrect, this was submitted by one of our old media guys that is not a part of our group. The sum is a lot higher.” The organisation has posted what it claims is video evidence to the Motherboard site. David Kennerley, director of threat research at Webroot, is among the first to wonder whether the threat is actually real. There are a lot of questions that need to be answered such as, do these hackers really have access to the data they claim? How did they get hold of such a large amount of data?
Finally, there are still people who believe their Apple hardware is completely safe from malware just because it’s Apple. It’s great kit and it works beautifully but nobody is safe. Logging into and erasing 200 million accounts would take some time. If it started happening, Apple could easily block the attack. Also, they’d have to have some sort of server or admin-level access to be able to wipe or delete accounts, or even a single server’s-worth of accounts. The Turkish Crime Family having that level of access would either entail an incredibly serious, hitherto unknown breach in Apple’s defenses (improbable), or the help of someone on the inside (more likely, but still doubtful). If an Apple user wasn’t backing up their entire device to the Apple Cloud, a device that was wiped wouldn’t have everything for Apple to restore. I suspect there are quite a few users that don’t do Cloud backups, or only back up a portion of their data.
Apple is reassuring customers that its systems have not been breached while a hacker, or hackers, threaten to remotely wipe hundreds of millions of iPhones of all their data, including photos, videos, and messages. The hackers are using an alleged cache of stolen email accounts and passwords as leverage in an attempt to extort the world’s most valuable company. They claim to have access to as many as 559 million Apple email and iCloud accounts, Vice blog Motherboard reported on Tuesday. The group, calling itself “Turkish Crime Family,” said it would delete its alleged list of compromised login credentials only after Apple pays it $75,000 in cryptocurrency, either Bitcoin or rival Ether, or $100,000 worth of iTunes gift cards, Motherboard reported. The group has given Apple (aapl) a deadline of April 7 to meet its demands. Though Apple has not officially confirmed the authenticity of the data that the hackers say they have, an Apple spokesperson told Fortune in an emailed statement that, if the list is legitimate, it was not obtained through any hack of Apple. “There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the spokesperson said. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.” A person familiar with the contents of the alleged data set said that many of the email accounts and passwords contained within it matched data leaked in a past breach at LinkedIn. The company representative declined to elaborate on what steps Apple had taken to monitor the situation. The spokesperson merely noted that such measures, whatever they may be, are “standard procedure.”
Apple customers who secure their iCloud accounts with the same passwords they use on other online accounts—especially ones at LinkedIn, Yahoo (yhoo), Dropbox, and other sites recently revealed to have suffered big breaches over the past few years—should adopt new passwords that are long, strong, and unique. Many security experts also recommend storing them in a password manager, and activating two-factor authentication, an additional layer of security, where available.
"There have not been any breaches in any of Apple's systems including iCloud and Apple ID," an Apple representative said in an emailed statement. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services." A group calling itself the Turkish Crime Family claims to have login credentials for more than 750 million icloud.com, me.com and mac.com email addresses, and the group says more than 250 million of those credentials provide access to iCloud accounts that don't have two-factor authentication turned on. The hackers want Apple to pay $700,000 -- $100,000 per group member -- or "$1 million worth in iTunes vouchers." Otherwise, they threaten to start wiping data from iCloud accounts and devices linked to them on April 7. In a message published on Pastebin Thursday, the group said it also asked for other things from Apple, but they don't want to make them public. "We're actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved," the Apple representative said. "To protect against these type of attacks, we recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication." However, the unusually high numbers advanced by the group are hard to believe. It's also hard to keep up with the group's claims, as at various times over the past few days, it has released conflicting or incomplete information that it has later revised or clarified. The group claims that it started out with a database of more than 500 million credentials that it has put together over the past few years by extracting the icloud.com, me.com and mac.com accounts from stolen databases its members have sold on the black market.
The hackers also claim that since they've made their ransom request public a few days ago, others have joined in their effort and shared even more credentials with them, putting the number at more than 750 million. The group claims to be using 1 million high-quality proxy servers to verify how many of the credentials give them access to unprotected iCloud accounts. Apple provides two-factor authentication for iCloud, and accounts with the option turned on are protected even if their password is compromised. The latest number of accessible iCloud accounts advanced by the Turkish Crime Family is 250 million. That's an impressive ratio of one in every three tested accounts. The largest ever data breach was from Yahoo with a reported 1 billion accounts. "At best they’ve got some reused credentials, but I wouldn’t be surprised if it’s almost entirely a hoax." Hunt hasn't seen the actual data that the Turkish Crime Family claims to have, and there isn't much evidence aside from a YouTube video showing a few dozen email addresses and plain text passwords. However, he has significant experience with validating data breaches and has seen many bogus hacker claims over the years. To be on the safe side, users should follow Apple's advice and create a strong password for their account and turn on two-factor authentication or two-step verification at the very least.
By now, you may have heard that a hacking organization identifying itself as the Turkish Crime Family has gone hunting for a very big fish: It said that it has credentials for hundreds of millions of Apple accounts of various sorts (including email and iCloud), and it’s threatening to wipe all of the iPhones in the cache unless a hefty ransom is paid. The group is asking for either $75,000 in Bitcoin or $100,000 in iTunes gift cards before the April 7 deadline. Turkish Crime Family (let’s call them TCF) was first reported by Vice’s Motherboard as having 559 million total accounts—and other reports say there are either 200 million or 300 million vulnerable iPhone accounts. Regardless of the number, it’s a lot—and on the surface the news, if TCF really does have those credentials, would indicate that Apple has suffered a major data breach. Apple said in a media statement: “There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services. We're actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.” Which means that the danger, if it does exist, isn’t new for these Apple users. And indeed, many of the accounts could be defunct: Some of the addresses are @mac.com and @me.com addresses, which could be almost two decades old.
Motherboard confirmed a back-and-forth conversation between the hackers and Apple security teams, but TCF has yet to publicly provide solid proof of how and what information they have, besides a YouTube video (now removed) that Motherboard said shows someone logging into an iCloud account. Meanwhile, ZDNet said that it was able to get a data sample of 54 allegedly breached accounts from TCF—finding that they were all legitimate email addresses. The outlet also reached 10 users that said the listed pilfered passwords were correct. John Bambenek, threat systems manager of Fidelis Cybersecurity, said that he’s skeptical about the hacker group’s claims, noting that there are always people who make unfounded threats to organizations in the hope of an easy payday—or notoriety. “The hacker group is not following what’s become typical operating procedure,” he said via email. “For example, if this were a real ransomware attack, they would be communicating privately with the company they are targeting. Based on previous incidents, the current threat has all the hallmarks of a stunt. If they really have the ability to wipe iPhones then they would have wiped a few already as ‘proof of life.’” But that said, do consumers really want to roll the dice with their pictures and other information on the phone? Lamar Bailey, director of security research and development for Tripwire, said via email that the hackers may have indeed been able to meticulously assemble a cohesive database of previously stolen Apple credentials by making use of various former data breaches of sources outside of Apple—this is a good highlight once again of the widespread problem of password re-use. It would have required a large effort, but he noted that it could be done.
“If this is legit, the hackers would have had to obtain access to the individual user accounts via breaking the passwords of each of the user accounts or have acquired access to the Apple iCloud servers,” he said. “The access to each user account is much more realistic since we have seen numerous reports of all the weak passwords people use for their computers and accounts.” And, he added, if the hackers have password access to individual user accounts, they can indeed erase phones remotely and change passwords for the Apple account. “The hackers cannot remove backups for Apple devices from the cloud, but changing the passwords will make it hard for the legitimate users to reset and recover their devices,” he noted. “Once the end-user has access to their account, they will be able to restore their device.” Apple users—and indeed all users of any online-facing service—should make sure they’re using strong passwords and enabling two-factor authentication as an added protection. “Having a local backup of your device is always a good idea too. It is faster to restore a device locally than over the internet, and having a small NAS (Network Attached Storage) device at home for pictures and backups is a good investment to supplement the cloud backups,” Bailey added.
Security experts say they are skeptical that a group of hackers called Turkish Crime Family actually possess a cache of hundreds of millions of Apple iCloud account credentials. A more plausible explanation, they say, is that crooks used credential stuffing attacks to amass a limited number of valid Apple usernames and passwords in an attempt to extort money from Apple. Earlier this week, the group identifying itself as the Turkish Crime Family claimed to have a database of 750 million iCloud.com, me.com and mac.com email addresses and credentials. “There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” Apple said in a statement. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.” Hackers behind the claim are demanding Apple pay them $75,000 in cryptocurrency or give them $100,000 in iTunes vouchers, according to reports. If demands are not met by April 7, the group said it will begin deleting data stored on iCloud accounts en masse. An independent analysis found that 54 samples of the breached account data provided to ZDNet by the hackers were valid. However, security experts such as Troy Hunt, who runs the data breach repository HaveIBeenPwned.com, still aren’t convinced. Hunt told Threatpost he suspects the hack is a hoax, admitting he has not seen any samples of the breached data. “It’s entirely possible whoever is behind this could have username and password pairs that work on a limited number of Apple accounts in just the same way as re-used credentials will work across all sorts of other accounts,” Hunt said. He said the Turkish Crime Family likely has a far smaller pool of valid Apple credentials than it claims.
Shuman Ghosemajumder, CTO of the firm Shape Security, told Threatpost he suspects the hackers may have used credential stuffing attacks, using data from previous breaches, to gain access to an undetermined number of iCloud accounts. Shape Security estimates that last year alone 3.3 billion credentials were exposed via breaches. Despite credential stuffing’s low success rate of 1 percent to 2 percent, Ghosemajumder said, when applied to a large enough cache of data (purchased on the dark web by the database) the hackers may have enough information to successfully crack thousands of Apple accounts. “There are certainly enough credentials spilled onto the internet to think someone could use credential stuffing techniques to pull together a convincing number of valid accounts in attempt to extort Apple for ransom money,” Ghosemajumder said. Patrick Wardle, director of research at Synack, echoed the same credential theory, suggesting that breaches over the past year have given hackers ample opportunity to pull together some valid iCloud account credentials. Since approaching Apple earlier this month with its demands, the Turkish Crime Family has been inconsistent about how many account credentials it allegedly possesses. Speaking to various media outlets, the group has said it had from 200 million to as many as 750 million credentials. The hacking group said that its repository isn’t the result of one breach, but rather of multiple breaches. On Thursday, the group claimed to have a database of 750 million credentials, 250 million of which are “checked and working,” according to the group. Meanwhile, Apple says it’s actively monitoring to prevent unauthorized access to user accounts and is working with law enforcement to identify the criminals behind the Turkish Crime Family extortion scheme.
GameStop customers received breach notification warnings this week, cautioning them that their personal and financial information could have been compromised nine months ago. According to postal letters sent to customers, GameStop said an undisclosed number of online customers had their credit card or bankcard data stolen, including the card numbers, expiration dates, names, addresses and the three-digit card verification values (CVV2). The breach occurred between Aug 10, 2016 and Feb 9, 2017, according to GameStop. In April, the company publicly acknowledged the breach. But it wasn’t until last week that affected customers were individually notified that their cards were likely stolen. “I’m pretty upset at GameStop. I should have been notified when they knew about it in April,” said GameStop customer Ryan Duff, a former cyber operations tactician at U.S. Cyber Command. As a security professional, he said he expected better of GameStop when it came to notifying him of a possible breach of his credit card information. Subsequently, Duff said, the card used on GameStop.com back in November had been compromised, according to his bank. “There is no way it should have taken months to be notified,” he said. Breach notification laws differ from state to state. But many states, such as Massachusetts, mandate victims be notified “as soon as practicable and without unreasonable delay” or the company may face civil penalties. The rules are there, in part, to allow for consumers to freeze accounts and avoid paying fees associated with having their card stolen. “After receiving a report that data from payment cards used on www.GameStop.com may have been obtained by unauthorized individuals, we immediately began an investigation and hired a leading cybersecurity firm to assist us,” wrote J.
Paul Raines, chief executive officer of GameStop, in a letter dated June 2 that was sent to impacted customers. “Although the investigation did not identify evidence of unauthorized access to payment card data, we determined on April 18, 2017 that the potential for that to have occurred existed for certain transactions,” he wrote. GameStop operates 7,500 retail stores and its consumer product network online includes GameStop.com, game site Kongregate.com and online retailer ThinkGeek. No retail customers were impacted by the breach, according to the company. “GameStop identified and addressed a potential security incident that was related to transactions made on GameStop’s website during a specific period of time,” the company said in a statement provided to Threatpost. “GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take.” Still unknown about the breach are how many customers may have been impacted, how was the data stolen and how was GameStop alerted to the fact the data had been stolen. In April, GameStop issued the statement: “GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website.” Krebs on Security reported in April that GameStop had received an alert from a credit card processor stating that its website was potentially compromised. Originally, it was believed that the breach involved GameStop retail stores and that the company’s point-of-sale system may have been infected with malware. That was because the breach occurred at the height of the holiday sales season and that stolen data included card verification values (CVV2).
Online merchants are not supposed to store CVV2 codes on their e-commerce sites. However, since GameStop said no retail customers were impacted, it is now believed that GameStop.com was hacked and that the data was stolen through the use of malware. Over the past 12 months, there has been an unprecedented number of data breaches. Some of those impacted have been ecommerce sites running vulnerable versions of Magento and WordPress and ecommerce platforms Powerfront CMS and OpenCart. Criminals have used a number of techniques to siphon off credit card data from these sites, ranging from compromised ecommerce plugins that can perform reflected XSS (cross-site scripting) attacks to web-based keyloggers and DOM-based XSS attacks. Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script.