Despite Apple denial, hackers prove stolen iCloud data is real

Apple confirmed on Thursday that its servers were not hacked, after reports earlier this week claimed that hackers are holding hundreds of millions of accounts for ransom. Even though Apple said it did not suffer a data breach, and that it’s monitoring the situation, the publicity-hungry Turkish Crime Family (TCF) hackers still have an April 7th deadline in mind.

At that point, they say they will remotely wipe hundreds of millions of iPhones that are tied to the Apple ID databases they have obtained. While it all sounds pretty questionable, a new report indicates that the hackers may indeed be sitting on a huge cache of genuine Apple ID accounts, complete with passwords.

Don't Miss: Netflix has 25 new originals set for release in April – here’s the full list

The hackers gave ZDNet a sample of 54 sets of credentials, and the tech blog discovered that the accounts were indeed valid.

ZDNet contacted the users, who appear to all be UK-based, and verified the passwords. Of the 54 accounts, only 10 were still in use. The people were using different cellular networks, and they owned different devices, including iPhone, iPad, and Macs.

These details seem to indicate that the data doesn’t originate from one specific carrier, and that no single Apple product line has somehow been compromised.

Most of the account owners in this case say that they have had the same passwords on iCloud for four or five years, and they also use the same email address and password combinations on other sites. Three people said the iCloud email and password were unique to iCloud, which is a puzzling detail for this investigation since Apple denies that its servers were breached.

ZDNet believes that the data may come from breaches that occurred between 2011 and 2015.

The overall implications of these findings are clear: the threats are not empty. All users should go ahead and change their iCloud password right now, and it never hurts to enable 2-factor authentication as well. Also, users should make sure they don’t use the same user name and password combination anywhere else, no matter how convenient it might be.

Trending right now:

  1. Apple says CIA’s arsenal of iPhone and Mac exploits is outdated

  2. Netflix has 25 new originals set for release in April – here’s the full list

  3. You can use your Xbox One without this $23 gadget, but we’re not sure why anyone would

See the original version of this article on BGR.com