Extortion has long been a popular method for hackers to get what they want from their exploits. Ransomware attacks, where a cybercriminal seizes a tech resource and demands payment to reinstate access, have been on the rise for several years. In some recent politically motivated attacks, hacktivists have used blackmail tactics to try and force target organizations (e.g., Ashley Madison) to meet certain demands.
Now, in a different kind of extortion scheme, a group calling themselves the Turkish Crime Family is attempting to strong-arm Apple Inc. into paying $700,000. The hackers are threatening to release personal data stored by more than 200 million users of Apple’s iCloud storage service. On top of that, the group claims that it will wipe users’ iPhones if the tech giant fails to meet their demands. To prove they mean business, the group has already released a series of about 70,000 login and password records on iCloud users.
A twist in the plot, however, came when Apple responded to the threat by reassuring users that it had not, in fact, been breached. Researchers had looked into the 70,000 “leaked” login records, and found that 99.9 percent of them had been released in previous, known compromises of third-party services. According to a report published on The Verge, this likely means the Turkish Crime Family is working with recycled public data, and it probably doesn’t have the amount of information it is threatening to expose.
Although the news should give Apple customers some relief in this case, it’s still a good reminder for iCloud users to keep good privacy practices top of mind. If you have data stored on the iCloud system, take the time to change your password and set up two-factor authentication. Consider whether any of the data you are storing on the service is really something you want to keep on the consumer cloud, where there’s a bigger risk of it getting breached.
Most businesses, of course, have less direct impact to worry about with the breach of a personal storage product. However, this event should reinforce the importance of training employees on proper privacy protections, especially during a time when many workers are bringing their devices to the workplace and even using them for business functions. You wouldn’t want private data on your business falling in to the hands of hackers because of an employee’s upload to iCloud or a similar service.