Yes, this is for real. Russian entrepreneurs have figured out there is a market for this.
According to an article in ITWorld, there is a business in hacking iCloud accounts. Get the password by some means and then using EPPB from Elcomsoft, the hacker can grab just pictures or contact or messages – just what their customer wants.
And also, since this is tedious, there are posts on the hacker boards for services that will do this for a fee. You provide the credentials, they give you the data. They don’t ask how you got the credentials – they don’t want to know. That is their way to avoid the question of whether what they are doing is legal or not. Of course, if it is illegal, do you plan to go to Russia or Ukraine or some other country to arrest them? Good luck getting a US police agency to do that. We will see if the FBI finds the person or persons who leaked the nudes of Jennifer Lawrence, Kate Upton and others this weekend and IF they find them, if they can be extradited, brought to trial and convicted. That might, possibly, work if you are a famous celebrity, but fat chance if you are not.
Elcomsoft’s EPPB is targeted to law enforcement, but they will sell it to anyone who has $399. If that is too much, hacked copies are available on the hacker boards as well.
My philosophy is that any backup you put in the cloud should be encrypted and ONLY YOU should have that key. If the decryption is transparent to you (meaning the provider either has the key or can generate the key), it is likely transparent to the crooks also, so it won’t help you.
Apple says this is not their problem and recommend that you use two factor authentication when logging on to iCloud. While this is not, in my opinion, as good as what I suggested above, that is all the offer right now. It is better than nothing.
Clouds are wonderful and can be very pretty (enticing). Just make sure that you know what you are getting in to.