The hacker appears to access an elderly woman's iCloud account, which includes backed-up photos, and the ability to remotely wipe the device.
The group, calling itself "Turkish Crime Family", said it would delete its alleged list of compromised login credentials only after Apple pays it $75,000 in cryptocurrency, either Bitcoin or rival Ether, or $100,000 worth of iTunes gift cards, Motherboard reported. The code is required for changes to Apple ID account information, signing into iCloud or purchasing goods from the company's store.
Apple says the group hasn't broken into its servers, so that means the logins they claim to have probably came from old hacks into other company's services.
The group said it has access to hundreds of millions of iCloud and Apple accounts and intends to wipe the devices associated with those accounts if Apple doesn't pay a ransom. A person who is apparently familiar with the contents of the data being held for ransom said that numerous email accounts and passwords matched those that were leaked in a previous security breach at LinkedIn, the popular social networking site for professionals. People from Apple also advised users to have very strong and hard passwords and to not repeat them for many accounts. "They're effectively holding them for ransom, and when we're talking about one of the most valuable companies in the world, $75k is nearly pointless money".
Hackers, identifying themselves as the "Turkish Crime Family", claim to have hacked into Apple's iCloud.
Apple has been given a deadline of 7pm on April 7, after which the group will remotely wipe the accounts allegedly in its possession if no ransom is received.
According to Motherboard, Apple has responded to the group informing them to remove the video, as well as stating that their correspondence has been shared with the authorities for further action. They also claim they are accessing more Apple databases day by day.
"We are doing this because we can and mainly to spread awareness for Karim Baratov and Kerem Albayrak, which both are being detained for the Yahoo hack and one of them is most probably facing heavy sentencing in America", a representative for the group said via email.
Assuming the iCloud login credentials came from hacks into other online services, it's a flawless example of why using the same password on multiple sites is a bad idea. "But we'll see how this unfolds". If your password appears in one leak, it could be used to access any number of your accounts that use the same password.