Tuesday, March 28, 2017

Hackers threaten mass iCloud carnage: don't panic, but do enable 2FA

There have been rumblings in recent weeks (with varying degrees of credibility and/or paranoia) of several hundred million Apple accounts stolen by hackers, with a threat that the iPhones, iPads, and iCloud backups associated with these accounts will be deleted on April 7 unless Apple pays a ransom fee. The threat is that owners of those accounts could wake up to find all their pictures, all their files, all their data, deleted forever.

ZDNet's Zack Whittaker has a sane take on the matter: Apple has not been hacked, but people are prone to reusing the same passwords across all the apps and websites they use - many of which have been breached. ZDNet's analysis has found that not all the accounts the hackers claim to have compromised are indeed compromised - but a not insignificant number are.

What you need to know:
  • If you haven't changed your Apple (aka iCloud) password recently (as in, within the last 6 months or so), it wouldn't be a bad idea to change it now. 
  • Use separate passwords for each account, so one stolen password doesn't put all your other accounts at risk.
  • Enable two-factor authentication on any accounts that matter to you, so a stolen password by itself isn't enough to break into your account and steal or delete your valuable data. Here's how to enable it on your Apple ID: https://support.apple.com/en-us/HT204915

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen