Some iCloud accounts were compromised; however, the sensitive data doesn’t come from Apple’s servers but from other, previously compromised third-party services, ZDNet has found after investigating the claim of the group of hackers who call themselves the Turkish Crime Family, which is possibly based in London.
The hackers first claimed they had access to 300 million accounts, but ZDNet has knowledge of 250 million, so the confusion starts right there (they doesn’t seem to know how many accounts they have access to). To confirm whether or not they have valid data, ZDNet has asked for a sample of 54 sets of credentials from the hacker group for verification.
Of those users, 10 have confirmed the accuracy of their password credentials, but most of the accounts were no longer registered with iMessage and the users could not be immediately reached. The 10 people were all based in the UK and had UK cellphone numbers from different carriers.
They have also confirmed that they have used the same passwords since opening their iCloud accounts, and most of them have had their accounts for about four or five years – since iCloud’s debut. One person said the password had not been in use for about two years, which narrows the data breach down to a period between 2011 and 2015.
Most of the people confirmed they used their iCloud email addresses and passwords on other sites such as Facebook and Twitter.
ZDNet says those using two-factor authentication are probably protected. Those who are not should reset their iCloud passwords now by heading to the iForgot.Apple.com site and enable two-factor authentication right now.
The hackers, despite being inexperienced, seem to have data aggregated from sources, so there is something ongoing. But we don’t know how big it is.