Hackers Are Allegedly Holding Millions of iCloud Accounts for Ransom

Stop reading this post, go change your iCloud password, and set up two-factor authentication.

A London-based hacking group calling itself the Turkish Crime Family claims to have the passwords to 559 million iCloud accounts. Holding this data for ransom from Apple, the organization is demanding either $75,000 in a cryptocurrency like Bitcoin, or $100,000 in iTunes gift cards. If Apple doesn’t comply by April 7, the criminals say they will reset these passwords and remotely wipe the iPhones associated with each account.

ZDNet did some investigation into the veracity of the threat, obtaining 54 of the accounts and their corresponding passwords from the hackers. Ten of these 54 were found to have been legitimately hacked. That ought to be enough to make you suspicious. Whether every logistical detail of this extortion is true or not, changing your iCloud password right now will go a long way in making the problem disappear — at least for yourself.

Apple says there is no problem here. In a statement to Motherboard, the Cupertino firm says there “have not been any breaches in any of Apple’s systems, including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”

The company goes on to recommend that its users always choose strong passwords, not repeat passwords across sites, and enable two-factor authentication. It’s good advice; take it.

Security analysts have remarked on the disparity between the size of the alleged breach and the relatively low amount sought in ransom. With 559 million accounts going for just $75,000, the Turkish Crime Family values each account at just 1.3 cents, or 1.7 cents in iTunes credit.

Have you changed your password yet?