It’s been a strange few days for Apple. On Tuesday, reports emerged that a hacker group calling itself the “Turkish Crime Family” is claiming to have compromised hundreds of millions of iCloud and .mac accounts.
Which is bad. Worse, however, is the extortion. The Turkish Crime Family is also demanding that Apple pay to get those accounts freed. Specifically, the group says it wants $75,000 in cryptocurrency, either Bitcoin or rival Ether, to get the group to delete its list of hacked accounts. The group is also apparently willing to accept $100,000 worth of iTunes gift cards.
The group has given Apple a deadline of April 7 to meet its demands.
If that sounds like a very reasonable set of blackmail demands on the biggest, richest company on Earth to get half a billion of its users’ information back — it is worth noting that that the good deal probably stems from the fact that the Turkish Crime Family may be bluffing.
While Apple has not confirmed or denied the veracity of the list of accounts and credentials the group already has, Apple has noted that wherever they got that data, it wasn’t from Apple, since their systems have not been breached.
An Apple spokesperson told Fortune in an emailed statement that, if the list is legitimate, it came from some where else.
“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the spokesperson said. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
A person familiar with the contents of the alleged data set noted that many of the email accounts and passwords contained within it matched already identified leaked data from the LinkedIn breach.
Will thieves be able to make good on their threat to wipe over half a billion phones? While it is not impossible — Apple says it is rather unlikely.
“[Apple is] actively monitoring to prevent unauthorized access to user accounts and working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”
The company representative declined to elaborate on what steps Apple had taken to monitor the situation, past saying such monitoring is “standard procedure.”