A hacker group that calls itself the “Turkish Crime Family” claims to have hacked into Apple’s systems and to have gained usernames and passwords for 559 million Apple email and iCloud accounts.

The hackers are saying they’ll wipe out the accounts on April 7th if Apple hasn’t paid the ransom. If Apple doesn’t pay a ransom, the hackers say they will remotely wipe the accounts. While the company has not confirmed the authenticity of the scoop, an unidentified spokesperson told Fortune that the data may have come from stolen LinkedIn accounts. Apple is controlling to block unapproved access to user accounts and is working with law implementation to recognize the culprits involved.

The company goes on to recommend that its users always choose strong passwords, not repeat passwords across sites, and to enable two-factor authentication.

ZDnet took a closer look into the TCF’s claims and obtained a set of 54 account credentials from the group’s alleged cache of over 750 million emails.

According to a person who was familiar with the contents of the alleged data set, numerous email accounts and passwords contained within it matched data leaked in a past breach at LinkedIn.

Users are suggested to use a password that offers “high-entropy” aspects.

Whether or not the hackers are indeed in possession of these passwords, you can protect the contents of your phone in case.

“Extra prevention”, he says, “helps thwart attackers when they do happen to get ahold of your password”.

Apple provides two-factor authentication for iCloud, and accounts with the option turned on are protected even if their password is compromised. You can use a password manager, such as LastPass to create and manage such passwords for you.

In another Apple-related development, the news leak organization WikiLeaks today posted new documents from the Central Intelligence Agency (CIA) that purport to show how the agency can infect Apple products to gain persistent access to Mac computers, iPhones, and other devices. Apple product owners with multiple generations of devices could have some difficulty with the incompatible systems-but you should still apply the extra safety steps as best you can, as soon as you can, too. Users are prompted to enter a security code to log in, which is sent on the phone.