Apple will face a storm of questions following the news of this alleged breach
Hackers have gained access to a large cache of iCloud and other Apple email accounts and are attempting to extort the company over the breach.
The ransom demanded by the hackers reportedly stands at $75,000 in Bitcoin, or alternately $100,000 in iTunes gift cards. Conditions have been presented to Apple, specifying that if terms were not satisfied before the 7th of April, the accounts would be reset to the factory state, remotely removing all existing data.
Known as the ‘Turkish Crime Family’, the group has been inconsistent with the number of stolen accounts it says it has at its disposal, figures have included 200 million, 300 million and 559 million according to reports from Motherboard.
David Kennerley, Director of Threat Research at Webroot said: “If this is proven to be a legitimate breach the consequences for Apple and its millions of users would be far reaching. There’s a lot of questions that need to be answered such as, do these hackers really have access to the data they claim? How did they get hold of such a large amount of data? Was it a vulnerability in Apple’s infrastructure or breach of third-party tool or organisation? Or does the fault lie with good old password re-usage between sites and apps from a consumer side?”
The world will be watching the industry giant eagerly to see how it deals with the breach if it is true, and if it matches the scale indicated by other reports. At a time when cyber-crime has never been so ubiquitous, what is happening to Apple is a global concern for businesses.
“The big question for Apple is what procedures are in place to prevent the destructive action threatened by the hackers? Without a full understanding of what the hackers really have, the true quantity and how they came by it, everything thereafter can only be a best-guess scenario,” said Kennerley.
This instance is also a further example of the growing use of ransomware within the new cyber landscape, and the reputation of big brand, organisation and company names are on the line.
Dan Sloshberg, cyber resilience expert at Mimecast, said: “Ransom attacks are the most popular method used by cyber criminals today. Perpetrators have simply become too good at it and quietly paying attackers off in the event that networks are breached is quickly becoming the norm and only emboldens them further. An effective cyber resilience plan should involve stronger methods of prevention and third-party archives to get businesses back on their feet if something still gets through.”