Kerem Albayrak, a 22-year-old man has been sentenced a suspended jail-term today in London for threatening Apple in 2017 with hacking into 250 million iCloud accounts and mass resetting iPhones and iPads.
He was sentenced to a two-year suspended jail-term, 300 hours of unpaid work, and 6 months without any access to any electronic device.
The UK National Crime Agency has labeled Kerem the spokesperson, or public face for a hacker group called Turkish Crime Family. This is all started when Kerem sent an email to Apple’s security team on March, 12th 2017 claiming he had gained unauthorized access to iCloud accounts and that he was planning to sell them online.
Holding the data he allegedly had access to hostage, he told Apple if they pay him $75,000 USD in cryptocurrency or 1,000 $100 iTunes gift-card then he wouldn’t sell and delete the data. Knowing the public was skeptical of him truly having gained access, he posted a now-deleted YouTube video showing him accessing different iCloud accounts.
As if that wasn’t enough, on March 21st he upped the threat, demanding Apple pay him $100,000 USD or else he would reset the password and data of over 250 million iCloud accounts.
From the moment Kerem contacted them, Apple notified authorities. Confident of their own security measures Apple continued to refuse to give in to his threats, nonetheless, Kerem continued to increase the hype for the attack.
On March 28th, 2017, the UK National Crime Agency arrested him and said they found zero evidence he ever accessed Apple’s iCloud infrastructure or any other Apple system.
Apple did say however that Kerem did retrieve a small number of iCloud accounts who reused passwords, and iCloud accounts of users who use a similar password for multiple websites. As expected, Kerem pleaded guilty and the sentence was carried out, no other arrests have been made public at this time.