+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Apple is downplaying the iCloud blackmail story - but Apple users should take it seriously

Mar 24, 2017, 19:04 IST

AP

Apple has downplayed reports that millions of leaked iCloud logins are in the hands of hackers who could use the information to steal personal information or wipe devices. But sample data seen by ZDNet shows that at least some of the data is valid login information.

Advertisement

The blackmail story began on Tuesday, when Motherboard reported that a group calling itself "Turkish Crime Family" demanded $75,000 (£59,000) in either Bitcoin or Ethereum from Apple, or $100,000 (£79,000) in iTunes gift cards in return for deleting the iCloud user data it claimed to possess.

Apple, however, released a statement denying that its servers had been hacked. Instead, it seems that the login information comes from the 2012 LinkedIn hack.

Game over, right? Apple wasn't breached, so everything is fine? Well, not so much. Turkish Crime Family handed over sample data to ZDNet, which the publication verified as actual login information. The publication spoke to 10 people who verified their data.

Despite the advice of security experts, many people re-use passwords over and over, meaning that if one of their accounts (apparently LinkedIn, in this case) is compromised, their others all become vulnerable too. So clearly people are at risk, even if it's not necessarily the millions of people that Turkish Crime Family claimed are affected.

Advertisement

Apple, however, has only released one statement on the story, in which it denied it had been hacked, and said it is "actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved."

Contrast Apple's statement with the actions of Reddit and Twitter, which forced password resets on certain accounts after learning that login information for users had been posted online - even though the sites themselves hadn't been breached.

Apple increased iCloud security in 2014 after celebrities had their private photos stolen and posted online using a weakness in iCloud accounts. It prompted users to use two-factor authentication, which requires a phone number to get into accounts.

Encouraging users to change their passwords or to enable two-factor authentication now, in light of Turkish Crime Family's claims, could stop users having their accounts taken over or deleted. Apple said in its statement on the attempted blackmail that users should enable two-factor authentication for their accounts, but it has yet to email users or send notifications to their devices that their accounts could be at risk.

NOW WATCH: A hacker reveals the most secure thing you can do to your passwords

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article