Apple Says Systems Not Breached After Hackers Threaten To Wipe Millions Of iPhones

Image courtesy of 713 Avenue

Earlier this week, a group of hackers claimed to have email addresses and passwords for hundreds of millions of Apple accounts, and that it would use this information to remotely erase massive numbers of iPhones if a ransom weren’t paid. For its part, Apple says no account information was stolen from its servers.

If this purloined personal data exists, Apple tells Fortune, it likely came from a compromised third party, not from Apple’s network.

“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” an Apple spokesperson told Fortune. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”

In fact, a person with knowledge of the alleged list of credentials tells Fortune that many of the accounts actually match data that was leaked in a breach of LinkedIn’s servers in 2012.

The extent of that hack was revised last year, with the company saying another 117 million email addresses and passwords — that’s on top of the 6.5 million already affected — were also for sale on an underground marketplace.

Motherboard first reported this week that the group of hackers — known as the Turkish Crime Family — allegedly gained access to a list of between 300 million and 559 million iCloud and Apple email accounts and planned to delete the associated devices on April 7.

The group says the threatened attack can be avoided if Apple pays a significant ransom, in the form of either iTunes gift cards or crypto-currency (Bitcoin or Ethereum).

While Apple says the pilfered credentials didn’t come from its systems, a rep tells Fortune that the company is always “actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved.”

In the meantime, the company said customers could take steps to prevent ne’er-do-wells from gaining access to their accounts.

“To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication,” the rep tells Fortune.