Your Apple Account May be Hacked! Change Your Password Before April 7th!
According to their threat, The Turkish Crime Family (The Family) claims it will hack upwards of 600 million Apple iCloud accounts on April 7, 2017. That is unless Apple pays a ransom.
iCloud Definition
iCloud is a suite of cloud-based services from Apple. These services include data storage, data backup, data synchronization, device location, and more. Synchronization of these services can be performed with computers, iOS products, and other supported devices. iCloud was formerly known as MobileMe. This service is connected with most iPhones, iPads, and Macs.
The Threat
The Family claims it will perform a “factory reset” and therefore wipe hundreds of millions of iProducts by hacking into their iCloud accounts. Prior to this threat, The Family had never been heard of. The group’s Twitter account announced on March 21, 2017: “200 Million iCloud accounts will be factory reset on April 7, 2017”. On March 22, the group increased the number to 627 million. It went on to say “…we are convinced it will keep growing until 7 April 2017”.
The Turkish Crime Family asked Apple to pay a ransom of $75,000 in either Bitcoin or Ethereum. It also offered to allow Apple to pay $100,000 in iTunes gift cards. In return, The Family will delete the iCloud user data it claims to possess. Bitcoin is the global criminal hacker’s currency of choice as it is untraceable. By contrast, the iTunes gift cards are easy to trace. Hence The Family is demanding 33% more if Apple makes the payment by iTunes gift cards.
The threat appears to be somewhat credible. ZDNET, a CBS Interactive company based in San Francisco, California, received a sample of the data that The Family claims to have and has verified that at least some of the sample data contains valid iCloud account usernames and passwords.
One explanation for how The Family obtained passwords is they have a copy of some of the login data that was obtained in a previous breach, such as the LinkedIn breach of 2012, and they believe or have confirmed that many users re-use passwords across multiple online accounts.
Apples' Response
Apple says it has no intention of paying any ransom. It has responded: “we do not reward cybercriminals for breaking the law,” which is the only answer to such a demand. Any payment made by Apple would only create additional demands of Apple by other groups.
Apple is attempting to downplay the threat. “We’re actively monitoring to prevent unauthorized access to user accounts,” said Apple. In spite of Apple’s downplaying the threat, it also has advised their iCloud users to use “two-factor verification”, which adds a significant extra layer of security at sign-in.
Apple has likely put into place some mitigation to this threat. After all, it is in their best interest to secure their customer’s accounts.
Protect Yourself
So what should you do if you have an iDevice and an iCloud account? First, reset your password. This will likely prevent The Family from accessing your account. Using a strong password is encouraged. More information about strong passwords can be found here:
You can take a further step to secure your account by turning on Two-Factor Authentication (2FA). More information on 2FA for Apple devices may be found on Apple Support here:
Once 2FA has been turned on for your account, even if someone obtains your Apple password, they would also need access to one of your iDevices to access your account. It is a security best practice.
It is also recommended that you use a unique password for each online account you have. Shared passwords are a bad thing. If a hacker obtains a password from one of your online accounts they are likely to try using that same password elsewhere and if the password is the same, bingo, they are in!
While nothing is 100% safe from hackers, using a unique strong password and turning on 2FA for the accounts and services which are important to you, will go a long way to keeping your online information safe.