By now , you may have heard that a hacking organization identifying itself as the Turkish Crime Family has gone hunting for a very big fish : It said that it has credentials for hundreds of millions of Apple accounts of various sorts ( including email and iCloud ) , and it ’ s threatening to wipe all of the iPhones in the cache unless a hefty ransom is paid Attack.Ransom . The group is asking for Attack.Ransom either $ 75,000 in Bitcoin or $ 100,000 in iTunes gift cards before the April 7 deadline . Turkish Crime Family ( let ’ s call them TCF ) was first reported by Vice ’ s Motherboard as having 559 million total accounts—and other reports say there are either 200 million or 300 million vulnerable iPhone accounts . Regardless of the number , it ’ s a lot—and on the surface the news , if TCF really does have those credentials , would indicate that Apple has suffered a major data breach Attack.Databreach . Apple said in a media statement : “ There have not been any breaches Attack.Databreach in any of Apple ’ s systems including iCloud and Apple ID . The alleged list of email addresses and passwords appears to have been obtained Attack.Databreach from previously compromised Attack.Databreach third-party services . We 're actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved . To protect against these type of attacks , we always recommend that users always use strong passwords , not use those same passwords across sites and turn on two-factor authentication . '' Which means that the danger , if it does exist , isn ’ t new for these Apple users . And indeed , many of the accounts could be defunct : Some of the addresses are @ mac.com and @ me.com addresses , which could be almost two decades old . Motherboard confirmed a back-and-forth conversation between the hackers and Apple security teams , but TCF has yet to publicly provide solid proof of how and what information they have , besides a YouTube video ( now removed ) that Motherboard said shows someone logging into an iCloud account . Meanwhile , ZDNet said that it was able to get a data sample of 54 allegedly breached accounts from TCF—finding that they were all legitimate email addresses . The outlet also reached 10 users that said the listed pilfered passwords were correct . John Bambenek , threat systems manager of Fidelis Cybersecurity , said that he ’ s skeptical about the hacker group ’ s claims , noting that there are always people who make unfounded threats to organizations in the hope of an easy payday—or notoriety . “ The hacker group is not following what ’ s become typical operating procedure , ” he said via email . “ For example , if this were a real ransomware attack Attack.Ransom , they would be communicating privately with the company they are targeting . Based on previous incidents , the current threat has all the hallmarks of a stunt . If they really have the ability to wipe iPhones then they would have wiped a few already as ‘ proof of life ’ ” . But that said , do consumers really want to roll the dice with their pictures and other information on the phone ? Lamar Bailey , director of security research and development for Tripwire , said via email that the hackers may have indeed been able to meticulously assemble a cohesive database of previously stolen Attack.Databreach Apple credentials by making use of various former data breaches Attack.Databreach of sources outside of Apple—this is a good highlight once again of the widespread problem of password re-use . It would have required a large effort , but he noted that it could be done . “ If this is legit , the hackers would have had to obtain access Attack.Databreach to the individual user accounts via breaking the passwords of each of the user accounts or have acquired access to the Apple iCloud servers , ” he said . “ The access to each user account is much more realistic since we have seen numerous reports of all the weak passwords people use for their computers and accounts ” . And , he added , if the hackers have password access to individual user accounts , they can indeed erase phones remotely and change passwords for the Apple account . “ The hackers can not remove backups for Apple devices from the cloud , but changing the passwords will make it hard for the legitimate users to reset and recover their devices , ” he noted . “ Once the end-user has access to their account , they will be able to restore their device ” . Apple users—and indeed all users of any online-facing service—should make sure they ’ re using strong passwords and enabling two-factor authentication as an added protection . “ Having a local backup of your device is always a good idea too . It is faster to restore a device locally than over the internet , and having a small NAS ( Network Attached Storage ) device at home for pictures and backups is a good investment to supplement the cloud backups , ” Bailey added

This Monday , Bleeping Computer broke the news that a hacker/group identified as Harak1r1 was taking over MongoDB databases left connected to the Internet without a password on the admin account . The group was exporting Attack.Databreach the database 's content and replacing all tables with one named WARNING , that contained a ransom note , asking Attack.Ransom the owners of the hacked database to pay Attack.Ransom 0.2 Bitcoin ( ~ $ 200 ) into Bitcoin wallet . At the time of our article , Harak1r1 had hijacked just over 1,800 MongoDB databases , and 11 victims have paid the ransom Attack.Ransom in order to recover their files . As time went by , Harak1r1 hijacked more databases , reaching at one point over 3,500 MongoDB instances , and currently peaking at over 8,500 . Among them , the hacker ( s ) had even managed to make a high-profile victim , in Emory Healthcare , a US-based healthcare organization . According to the MacKeeper Security Research Team , Harak1r1 had ransacked Attack.Databreach and blocked Emory 's access to more than 200,000 medical records . Attacks from harak1r1 went on for two more days , but as worldwide infosec media started covering the topic , two copycats appeared and started doing the same . The second group goes by the name of 0wn3d , and they work by replacing the hijacked database tables with a table named WARNING_ALERT . According to Victor Gevers , the researcher who initially discovered the first hacked MongoDBs around Christmas , this second group has hijacked just over 930 databases . Unlike Harak1r1 , this second group is a little bit more greedy and asks for Attack.Ransom 0.5 Bitcoin , which is around $ 500 , but this has n't stopped companies from paying Attack.Ransom , with 0wn3d 's Bitcoin wallet showing that at least three victims had paid Attack.Ransom his ransom demands Attack.Ransom . A day later , the same Gevers came across a third actor , using the name 0704341626asdf , which appears to have hit over 740 MongoDB servers . This hacker/group is asking for Attack.Ransom 0.15 Bitcoin ( ~ $ 150 ) , and he 's using a lengthier ransom note , in which he admonishes victims for leaving their DB open over the Internet . Furthermore , this threat actor appears to be more strict with victims and gives database owners 72 hours to pay the ransom Attack.Ransom . According to Gerves , the lines that allowed him to track the activity of these three groups is slowly blurring , as these groups started using more varied messages and different Bitcoin addresses . Additionally , in newer variations of these attacks , the hackers do n't appear to bother copying the hacked database . In recent attacks Attack.Ransom , Gevers says that crooks just delete the DB 's content , ask for a ransom Attack.Ransom regardless , and hope nobody checks the logs and discovers what they 've done . There is no evidence that they actual copied your database . According to Gevers , these groups are now fighting over the same turf , with many of them rewriting each other 's ransom notes . This leads to cases where database owners pay the ransom Attack.Ransom to the wrong group , who ca n't give their content back . `` It 's catching on and it looks more players are coming to the game .