A hacker or group of hackers is threatening to reset a cache of millions of iCloud accounts and remotely wipe Apple devices, unless Apple pays US$75,000 in Bitcoin or Ethereum or US$100,000 worth of iTunes gift cards before 7 April.
The Turkish Crime Family said it would delete the data in the event that the ransom was paid.
A report in Motherboard said the group had shown its reporter screenshots of what were claimed to be emails between the group and Apple's security team.
The website also said it had been given access to an email account that was allegedly used to communicate with Apple.
{loadposition sam08}Within that account, one email, apparently from an unnamed member of Apple's security team, said: "Are you willing to share a sample of the data set?"
This communication took place about mid-March. Motherboard said the email headers showed the return-path was to an address with the @apple.com domain.
A video of the hackers opening some of the alleged stolen accounts was uploaded to YouTube, the report said, with footage of what was said to be a log-in into an elderly woman's iCloud account. That video does not appear to be available anymore.
The website said it had also seen a screenshot of another message from Apple security, which read: "We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it's seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law."
The email added that archived communications with the hackers would be sent to law enforcement authorities.
Varying claims have been made about the quantum of data that the hackers claim to have. One claim said they had access to more than 300 million Apple email accounts, with both @icloud and @me domains included.
But another claim said the number was 559 million.
Commenting on the imbroglio, Webroot senior threat research analyst Tyler Moffitt said: “This issue illustrates that no matter how reputable or confident a company is with their security policies, they are still vulnerable and at risk at all times.
"Unless there are adequate back-up policies in place, I have no doubt that the ransom will be paid, regardless of what Apple publicly claims."
He added that there was a good chance of this data eventually appearing on the dark net, no matter what the outcome.
David Dufour, senior director, Engineering and Cyber Security at the same company, had some advice for Apple users.
"First, if you still have access to your data, back it up to a DVD, USB or some other offline source," he said.
"Second, change your password. This should prevent the cyber criminals from gaining access to your account and deleting the data. This assumes they don't still have access to the backend systems."
Dufour said if a user could not access his or her account or data, they should contact Apple right away.