On the heels of World Backup Day a largely unknown group calling themselves the Turkish Crime Family are threatening to remotely wipe up to 300 million Apple devices on April 7th. The group claim to have a stash of ICloud and other Apple email accounts and are demanding Apple pay them $75,000 in Bitcoins or $100,000 worth of ITunes gift cards.
In attempts to extort Apple and prove their relevance, the group posted a video of themselves on YouTube logging into some of the stolen accounts. They then proceeded to wipe an elderly woman’s Icloud data. While Apple claims that there have been no breaches in any of their systems, including ICloud and Apple ID’s the alleged list of email addresses and passwords the criminals have in their possession are legit.
This particular hacking group appears to be less organized and somewhat inconsistent in their claims, one story claimed 300 million accounts were stolen while another hacker claimed they had access to 559 million accounts. The ransom they are requesting is odd as well. $75,000 in Bitcoins for 300 + million accounts is cheap… and the option to pay them with $100,000 worth of ITunes gift cards just means they have to go through additional money-laundering schemes to make those card useful. That’s a lot of work for hackers.
In either case, this doesn’t mean that you shouldn’t be concerned. The most likely culprit here is users with weak passwords for their Icloud and Apple ID accounts and/or some 3rd party service that has been compromised where the same weak passwords and emails were utilized.
So what should you do?
Always use unique and difficult passwords to your bank, social media accounts and email accounts. This includes Google, Icloud and Apple ID’s. Using the same passwords throughout your digital life makes it super easy when a service or software gets compromised the hacker not only has access to that set of info, but potentially all your other accounts, since you made them all the same.
Difficult passwords suck… but it that’s part of what makes it suck for hackers too!
Do not use your important passwords across other sites, and turn on two-factor authentication. It’s been an option on your Apple devices since iOS9, and it adds an extra layer of security for you. So you should be using it.
Here’s how to turn it on.
Reset your Icloud and Apple ID passwords today and make them strong and unique.
You don’t want to risk waking up to a wiped IPhone on April 7th!