A security researcher says he has debunked threats made by a group of hackers to wipe 800 million Apple accounts, revealing the assailants don't have the hundreds of millions of credentials they claim.
A group calling itself the Turkish Crime Family has threatened to wipe data and iPhones connected to the Apple accounts unless they receive a ransom.
The mass deletion was scheduled to take place today, April 7, but researchers have cast doubt over how many Apple accounts the group actually has.
Analysis of a sample set of purloined account data performed by Troy Hunt, who runs the Have I Been Pwned data breach reporting website, shows that the information correlates to data leaked in earlier breaches, not new credentials.
Hunt crunched the numbers on account data provided to ZDNet which was said to represent a portion of the hundreds of millions of Apple credentials that the "Turkish Crime Family" hackers possess.
He found that the vast majority - 98 percent - matched accounts already listed as compromised in the Have I Been Pwned collection of data breaches.
Most accounts were from the online game Evony data breach, followed by MySpace, LastFM, Adobe and LinkedIn credentials.
Hunt believes the hackers have simply cobbled together a list of email addresses using Apple domains like .me, .me.com.au, .icloud.com and similar from existing data breaches.
Based on that, he believes the Turkish Crime Family has nowhere near the claimed 200 to 800 million Apple accounts in its possession.
Instead, Hunt estimated that the number of accounts the hackers have logins for is around 53,000. Of these, many won't be at risk as people have changed passwords, or the accounts are no longer valid, Hunt said.
While some accounts will be at risk, others will be protected by multi-factor authentication, meaning even if the hackers have passwords, they won't be able to log in and perform data deletion and device wiping.
"The chances of anything of significance happening to Apple accounts today is near zero," Hunt said.
"The only people likely to be adversely impacted by this are those who chose poor passwords that were readily cracked, reused them across services, had them exposed in (probably) the Evony data breach, don't have multi factor auth turned on at Apple, failed to change them after all the news about this and finally, were not protected by Apple come the deadline.
"In other words, innocent people who made a series of very bad security choices."
Update 11/4: The hacker group posted the address of a bitcoin wallet showing hundreds of bitcoins deposited on the evening of the deadline.
However, there have been no reports of wiped iCloud accounts, and Hunt and others raised suspicions that the payments were fabricated.
The Family claimed on Twitter that it had used a tumbler to obfuscate the origin of the payments.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
