The representative said that the group's members are originally from Istanbul, Turkey, but that they now "rep" Green Lanes, an area in North London.
Karim Baratov, a Canadian national, was indicted last week for allegedly hacking into email accounts at various email providers at the request of two officers from the Russian Federal Security Service, the FSB. The same indictment accuses the two FSB officers and a Russian hacker for breaking into Yahoo's infrastructure and gaining access to over 500 million Yahoo accounts.
The Turkish Crime Family's claims haven't been confirmed by Apple so far, but someone posted a video on YouTube showing some of the leaked credentials being used to access iCloud accounts.
The group claims that the person who posted the video is not one of their members, but that he had access to one of the servers hosting their database, which is how he managed to get the credentials and record the video.
The video shows usernames and passwords in plain text, even though Apple most likely doesn't store passwords in plain text in its database. This would be a very bad security practice and one that serious websites have avoided for many years.
However, it is possible that these passwords were stolen as part of other breaches or cracked from stolen cryptographic hashes and then matched to iCloud accounts due to password reuse practices. Most passwords shown in the video are not complex enough to withstand brute-force attacks.
If Apple does confirm the group's claims, it could force password resets for its entire iCloud user base just to be on the safe side. Until then, concerned users can change their passwords on their own and turn on the iCloud two-factor authentication feature.
Sign up for Computerworld eNewsletters.