He claimed to have access to over 300 million iCloud accounts and threatened to factory reset all accounts unless Apple pays a ransom of $75,000 (roughly Rs. 53,40,000) in cryptocurrency or $100,000 (roughly Rs. 71,19,600) worth of iTunes gift cards in return for deleting his database.
Albayrak gave Apple a deadline until April 7, 2017, to pay the demanded amount. However, if the company failed to meet his demands, Albayrak threatened that he would start remotely wiping the victim’s Apple devices, factory reset iCloud accounts, and dump the stolen database online. A week later, Albayrak filmed a video of accessing two accounts and sent the footage to Apple.
Apple then contacted law enforcement in the UK and US, and the NCA led the UK side of the investigation.
On 28 March 2017, the National Cyber Crime Unit arrested Albayrak at his home in north London. The team also seized his digital devices, such as smartphones, computers, and hard drives.
The NCA investigation into the matter confirmed that there were no signs of a compromise of Apple’s iCloud network and that the data Albayrak claimed to have in possession was actually from “previously compromised third-party services which were mostly inactive.”
On 20 December 2019, Albayrak was sentenced at Southwark Crown Court and given a two year suspended jail term, full 300 hours of unpaid work in the neighbourhood, and a six-month electronic curfew.
The blackmailer wrongly believed he could escape justice after hacking into two accounts and attempting to blackmail a large multi-national corporation.