Some Of Hacker Group's Claims Of Having Access To 250M iCloud Accounts Aren't False (zdnet.com)
Date: 2017-03-24
Earlier this week, a hacker group claimed that it had access to 250 million iCloud accounts. The hackers, who called themselves part of the Turkish Crime Family group, threatened to reset passwords of all the iCloud accounts and remotely wipe those iPhones. Apple could stop them, they said, if it paid them a ransom by April 7. In a statement, Apple said, "the alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services," and that it is working with law enforcement officials to identify the hackers. Now, ZDNet reports that it obtained a set of credentials from the hacker group and was able to verify some of the claims. From the article: ZDNet obtained a set of 54 credentials from the hacker group for verification. All the 54 accounts were valid, based on a check using the site's password reset function. These accounts include "icloud.com," dating back to 2011, and legacy "me.com" and "mac.com" domains from as early as 2000. The list of credentials contained just email addresses and plain-text passwords, separated by a colon, which according to Troy Hunt, data breach expert and owner of notification site Have I Been Pwned, makes it likely that the data "could be aggregated from various sources." We started working to contact each person, one by one, to confirm their password. Most of the accounts are no longer registered with iMessage and could not be immediately reached. However, 10 people in total confirmed that their passwords were accurate, and as a result have now been changed.
Dictionary attack? (Score:3)
Chances are people reuse passwords and they were able to log on to people's iCloud using credentials from another site.
More or less. Here's some information not mentioned in the summary...
If this is true then why hasn't Apple sent me a password reset notice? In this particular case I agree with them not paying the ransom as there's no way to verify the passwords would be deleted.
Verifying 50 is not a convincer they have millions. Turning over 5 to 10% of the number would be. The fact they could easily have done that and didn't tells me they don't have this.
Of course that didn't stop me from changing my password just in case.
Head over to SoylentNews. Very little politics and actual tech/hacker stuff. Plus they even have more creative trolls.
Not False (Score:1)
Is it true then?
Maybe they have 249,998,743. If that's so, the claim of them having 250M accounts is a blatant, egregious lie and everyone involved should be taken to task and reprimanded.
It might not always be partially incorrect (Score:2)
So compared to The Fappening ... (Score:2)
And likely they used the same primitive phishing methods to get them. The End.
Ding Dongs (Score:2)
Lesson Learned (Score:1)
email addresses and plain-text passwords, separated by a colon
Always have a colon in your passwords!