Apple has downplayed reports that millions of leaked iCloud logins are in the hands of hackers who could use the information to steal personal information or wipe devices. But sample data seen by ZDNet shows that at least some of the data is valid login information.
The blackmail story began on Tuesday, when Motherboard reported that a group calling itself "Turkish Crime Family" demanded $75,000 (£59,000) in either Bitcoin or Ethereum from Apple, or $100,000 (£79,000) in iTunes gift cards in return for deleting the iCloud user data it claimed to possess.
Apple, however, released a statement denying that its servers had been hacked. Instead, it seems that the login information comes from the 2012 LinkedIn hack.
Game over, right? Apple wasn't breached, so everything is fine? Well, not so much. Turkish Crime Family handed over sample data to ZDNet, which the publication verified as actual login information. The publication spoke to 10 people who verified their data.
Despite the advice of security experts, many people re-use passwords over and over, meaning that if one of their accounts (apparently LinkedIn, in this case) is compromised, their others all become vulnerable too. So clearly people are at risk, even if it's not necessarily the millions of people that Turkish Crime Family claimed are affected.
Apple, however, has only released one statement on the story, in which it denied it had been hacked, and said it is "actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved."
Contrast Apple's statement with the actions of Reddit and Twitter, which forced password resets on certain accounts after learning that login information for users had been posted online — even though the sites themselves hadn't been breached.
Apple increased iCloud security in 2014 after celebrities had their private photos stolen and posted online using a weakness in iCloud accounts. It prompted users to use two-factor authentication, which requires a phone number to get into accounts.
Encouraging users to change their passwords or to enable two-factor authentication now, in light of Turkish Crime Family's claims, could stop users having their accounts taken over or deleted. Apple said in its statement on the attempted blackmail that users should enable two-factor authentication for their accounts, but it has yet to email users or send notifications to their devices that their accounts could be at risk.