Apple confirmed on Thursday that its servers were not hacked, after reports earlier this week claimed that hackers are holding hundreds of millions of accounts for ransom. Even though Apple said it did not suffer a data breach, and that it’s monitoring the situation, the publicity-hungry Turkish Crime Family (TCF) hackers still have an April 7th deadline in mind.
At that point, they say they will remotely wipe hundreds of millions of iPhones that are tied to the Apple ID databases they have obtained. While it all sounds pretty questionable, a new report indicates that the hackers may indeed be sitting on a huge cache of genuine Apple ID accounts, complete with passwords.
The hackers gave ZDNet a sample of 54 sets of credentials, and the tech blog discovered that the accounts were indeed valid.
ZDNet contacted the users, who all appear to be UK-based, and verified the passwords. Of the 54 accounts, only 10 were still in use. The people were using different cellular networks, and they owned different devices, including iPhones, iPads, and Macs.
These details seem to indicate that the data doesn’t originate from one specific carrier, and that no single Apple product line has somehow been compromised.
Most of the account owners in this case say that they have had the same passwords on iCloud for four or five years, and they also use the same email address and password combinations on other sites. Three people said the iCloud email and password were unique to iCloud, which is a puzzling detail for this investigation since Apple denies that its servers were breached.
ZDNet believes that the data may come from breaches that occurred between 2011 and 2015.
The overall implications of these findings are clear: the threats are not empty. All users should go ahead and change their iCloud password right now, and it never hurts to enable two-factor authentication as well. Also, users should make sure they don’t use the same username and password combination anywhere else, no matter how convenient it might be.