A cyber crime collective is threatening to wipe millions of Apple devices linked to compromised iCloud accounts unless the tech giant coughs up a $700,000 (€647,950) ransom.
A London-based group calling itself the Turkish Crime Family has said it will reset the smartphones and tablets if the money is not handed over by 7 April.
Refusing to pay, Apple has claimed its servers have not been breached and that users’ accounts are secure.
In a statement designed to reassure iCloud users, Apple said: “We’re actively monitoring to prevent unauthorised access to user accounts and are working with law enforcement to identify the criminals involved.
“To protect against these type of attacks, we always recommend that users use strong passwords, not use those same passwords across sites, and turn on two-factor authentication.”
Responding in a statement posted on Pastebin, a spokesperson for the hacking group said: “Apple has now announced that they were not breached, which no one claimed they were.
“They announced this for their user’s comfort and to make them feel better. Out of the 750 million [accounts], we have 250 million that are checked and working live, there is still a big amount that we’re still scanning.
“We are still strengthening our infrastructure and acquiring more servers for the attack.”
The group has handed 54 account credentials to technology site ZDNet, which has confirmed they valid.
According to the site, the accounts it checked included those with the suffixes “icloud.com”, “me.com” and “mac.com” dating back from as early as 2000, which the Turkish Crime Family said have a low monetary value in the hacking community.
ZDNet said it had contacted the owners of the addresses it was given, who confirmed the passwords linked to their email addresses were genuine.
After a number of exchanges with the gang, ZDNet said its members were likely amateurs looking for publicity.
“Based on our experience and our interactions with the group and its members, it’s evident that the group is naïve and inexperienced,” Zack Whittaker writes.
“Based on its grandiose claims and its cherry-picking media outlets to cover its claims, it’s clear that the group is gunning for publicity.”
Nevertheless, users who are worried their iCloud profiles may have been compromised have been advised to change their passwords.
While it is not entirely clear where the hackers obtained the data – which ZDNet said came in plain text form, security sources suspect it may have been compiled from information stolen in multiple previous breaches.
The group had initially demanded $75,000 in Bitcoin or Ether payments, or $100,000 worth of iTunes gift vouchers. It later said one of its members had made a mistake when making its demand, and upped its price nearly ten-fold.
