Leaked iCloud credentials obtained from third parties, Apple says
A group of hackers threatening to wipe data from Apple devices attached to millions of iCloud accounts didn’t obtain whatever log-in credentials they have through a breach of the company’s services, Apple said.
“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” an Apple representative said in an emailed statement. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
A group calling itself the Turkish Crime Family claims to have login credentials for more than 750 million icloud.com, me.com and mac.com email addresses, and the group says more than 250 million of those credentials provide access to iCloud accounts that don’t have two-factor authentication turned on.