Privacy Security Apple

Some Of Hacker Group's Claims Of Having Access To 250M iCloud Accounts Aren't False (zdnet.com) 45

Earlier this week, a hacker group claimed that it had access to 250 million iCloud accounts. The hackers, who called themselves part of the Turkish Crime Family group, threatened to reset the passwords of all the iCloud accounts and remotely wipe those iPhones. Apple could stop them, they said, if it paid them a ransom by April 7. In a statement, Apple said, "the alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services," and that it is working with law enforcement officials to identify the hackers. Now, ZDNet reports that it obtained a set of credentials from the hacker group and was able to verify some of the claims.

From the article: ZDNet obtained a set of 54 credentials from the hacker group for verification. All the 54 accounts were valid, based on a check using the site's password reset function. These accounts include "icloud.com," dating back to 2011, and legacy "me.com" and "mac.com" domains from as early as 2000. The list of credentials contained just email addresses and plain-text passwords, separated by a colon, which according to Troy Hunt, data breach expert and owner of notification site Have I Been Pwned, makes it likely that the data "could be aggregated from various sources." We started working to contact each person, one by one, to confirm their password. Most of the accounts are no longer registered with iMessage and could not be immediately reached. However, 10 people in total confirmed that their passwords were accurate, and as a result have now been changed.
This discussion has been archived. No new comments can be posted.

  • Dictionary attack? (Score:5, Interesting)

    by known_coward_69 ( 4151743 ) on Friday March 24, 2017 @10:29AM (#54102743)

    Chances are people reuse passwords and they were able to log on to people's iCloud using credentials from another site.

    • by Anubis IV ( 1279820 ) on Friday March 24, 2017 @10:46AM (#54102881)

      More or less. Here's some information not mentioned in the summary...

      • Most of the people admitted to reusing the password on other major sites, though a few claimed they hadn't.
      • None of the people ZDNet reached had changed their iCloud password since first opening it.
      • All of the people ZDNet was able to reach were located in the UK. The hackers refused to turn over any US-based account credentials.
      • ZDNet seems to think the compromise(s) must've happened somewhere between 2011 and 2015, based on info from the users, but I'm not sure I trust that assessment (they indicated none of the passwords had changed, but also said at least one of the passwords was no longer in use which allowed them to specify a date range, but I don't see how both can be true).

      By all appearances, Apple's assertion that this is a collection of information obtained from other sources, rather than an actual iCloud leak, appears to be true, so it's not likely a dictionary attack against iCloud, so much as it is data obtained from other hacks. Even so, that doesn't negate the risk these users face; it merely shifts the blame to third-parties. Of course, the fact that a lot of this data appears to be outdated or else linked to accounts no longer in use may end up saving quite a few people from the hassle of dealing with the fallout of a hacked account.

      Also, sounds like this hacking group is a farce, given that they "fired" one of their members and have been sending conflicting messages to the media while asking whether or not CBS will cover them.

      • They mean nobody has used it in a long time. Presumably the account owner switched to Android or created a second account and used that after a certain date.
        • Even if we took it to mean that, it doesn't change ZDNet's inability to use the info to narrow the range of dates.

          The password was clearly still associated with an account, even if that account was no longer in active use. Likewise, the password may have been reused with inactive accounts elsewhere, any one of which may have been compromised at any time. Just because the person only used the account in question between 2011 and 2015 doesn't mean that that's the only time the credentials could have been stol

      • "By all appearances, Apple's assertion that this is a collection of information obtained from other sources, rather than an actual iCloud leak, appears to be true"

        "Most of the people admitted to reusing the password on other major sites, though a few claimed they hadn't."

        I reuse passwords too. There ain't no one who doesn't. That some had unique passwords is significant, yet you gloss over that. You can think that some users are lying, but I'll bet it's for real. I reuse passwords, but for very important s

        • I reuse passwords too. There ain't no one who doesn't.

          Sure there are. You're talking to a site full of nerds who use password managers that generate unique passwords. Hell, I've got my parents and wife doing it too.

    • If this is true then why hasn't Apple sent me a password reset notice? In this particular case I agree with them not paying the ransom as there's no way to verify the passwords would be deleted.

      Verifying 50 is not a convincer they have millions. Turning over 5 to 10% of the number would be. The fact they could easily have done that and didn't tells me they don't have this.

      Of course that didn't stop me from changing my password just in case.

  • by Anonymous Coward

    Is it true then?
    Maybe they have 249,998,743. If that's so, the claim of them having 250M accounts is a blatant, egregious lie and everyone involved should be taken to task and reprimanded.

  • by theraptor05 ( 908452 ) on Friday March 24, 2017 @10:43AM (#54102853)
    Some (but not all) parts of the headline are mostly not entirely unlike parsable English
    • I read your comment while drinking a cupful of liquid that is almost, but not quite, entirely unlike tea.

    • It's fucking ridiculous.

      "Some Of Hacker Group's Claim Of Having Access To 250M iCloud Account Aren't False"

      Let's start with the easiest thing to correct. "250M iCloud Account" should be "250 Million iCloud Accounts".
      And while we're telling shitty headlines to fuck off, we can tell them to at least follow their own bullshit rules and not capitalize the first letter of "of". I fucking hate style guides (because they're arbitrary, inconsistent, and ambiguous) but no major style guide (such as AP, Chicago, AP

  • They have more iCloud account credentials than the Fappening "hacker" had, but less than he had Google account credentials.

    And likely they used the same primitive phishing methods to get them. The End.

  • by pablo_max ( 626328 ) on Friday March 24, 2017 @10:59AM (#54102997)

    And there are still so many ding dongs that keep naked pics of themselves and other sensitive information in the cloud. Just carry your dick pics in an attache case to easily hand out to strangers, like a normal person. Sheesh.

  • email addresses and plain-text passwords, separated by a colon

    Always have a colon in your passwords!

  • It seems like this would be pretty easy for Apple to prevent. They know this is coming, and they control the servers that would initiate the remote wipes. If they suddenly saw 250 million requests for remotely wiping devices, why would they actually carry those out?
  • I am debating talking my boss into a company-wide email (that 90% of people will ignore) to reset iPhone passwords. Or just making up a sign explaining what happened and putting it outside my cube when the phones start resetting.
