This week, a Turkish ‘hacking' group began kicking up a fuss on social media, claiming they had access to over 300 million iCloud accounts and would begin factory resetting 200 million iOS devices starting on the 7th of April. The hope was that this would scare Apple into paying up $100,000 in iTunes gift cards or $75,000 worth of Bitcoin. However, as it turns out, Apple's servers haven't been compromised at all, so they are calling the group's bluff.
The self-proclaimed hackers go by the name ‘Turkish Crime Family' and said that if Apple did not meet the group's demands by the 7th of April, it would begin resetting iCloud accounts, which in turn would lock iOS users out of their devices. While the group claimed to have access to 300 million accounts, it was apparently only willing to wipe 200 million of them.
In a statement provided to Forbes, an Apple spokesperson confirmed that the company has not found any breaches in its system and while the hackers did post a YouTube video appearing to show proof of access to some email accounts, this was down to a third party phishing scam, rather than an attack on Apple's database: “There have not been any breaches in any of Apple's systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
While Apple does have a bug bounty system in place, which rewards security researchers for finding weaknesses and reporting them directly to Apple, the company's policy is not to deal with cyber criminals.
KitGuru Says: Apple is one of the most cyber-security conscious tech companies around so I'm not surprised to hear that this threat was nothing but smoke. That said, this group did have access to some email addresses due to third-party scams, so that is something that does need to be watched out for. If you think you've been caught out, you can check sites like Have I Been Pwned and then go ahead and reset passwords as needed.