Impending iCloud Hack: True or False?
It's hard to know if the Turkish Crime Family's threat against Apple's iCloud web services can be taken seriously. In any event, taking the precautions outlined below are prudent.
A hacker group, that goes by the name of the Turkish Crime Family, claims that it has the credentials to 250 million iCloud accounts and is threatening to reset the passwords and remotely wipe customer devices if Apple doesn't pay a ransom by April 7. The hackers have attempted to prove the veracity of their claim by providing a sample of usernames and passwords to computer security experts who have all been alarmed by what they have found. Troy Hunt, who I recently mentioned in a blog post, has determined that over 99.9 percent of the 70,000 records supplied by the hackers matched to a pwned account in his database. In short, the threat is real (enough) that it should not be ignored, and you should take the following actions, as soon as possible.
Steps to be taken:
First: Backup everything in iCloud to your computer by doing an iTunes backup.
Plug your device into your Mac or PC with iTunes on.
Click on the little phone icon that will appear at the top left once your device is connected.
Click on Summary in the left-hand column and look half way down the right column to find "Backups."
Click on "Back Up Now."
Second: Change your iCloud/Apple ID Password. iCloud and AppleID are the same thing. On a computer, go to Apple ID Account Management Page and follow the prompts for changing the password. Use a good password. I've written about this enough; I recommend 12 characters, using uppercase, lowercase, numeral, punctuation and special character. Do not use a password that you have used before or that you use anywhere else. From an iDevice, with iOS 10.3, you'll find the setting at the very top of "Settings." Tap on your name, tap on Password & Security. I recommend updating to 10.3 asap. It makes all of this much easier. Yes, you are going to need to sign back in to iCloud from each of your devices. Yes, I know it's a pain. Third: Activate 2 Factor Authentication. Attention: Two-Factor Authentication is not the same as Two-Factor Verification. (Go figure.) If you already have 2-Factor Verification, you'll need to turn it off and then set up Two-Factor Authentication. <sigh> Here's how.) On you iPad or iPhone:
Go to Settings > iCloud > tap your Apple ID
Tap Password & Security
Tap Turn on Two-Factor Authentication
On your Mac :
Go to Apple menu > System Preferences > iCloud > Account Details
Click Turn on Two-Factor Authentication
Blizzard You Say?
I know this email sounds a lot like the hyperventilating meteorologist telling you to go buy milk, eggs, bread and toilet paper. And, it is possible that absolutely nothing will happen on April 7 or anytime thereafter that will affect the safety of your emails, photos, music, correspondence, etc., etc.
I know the instructions I have provided above call for a bit of work, will take some time, and can be confusing.
Let me say that I am taking these precautions myself, and am urging all my family, loved ones and friends to do the same.
The simple fact of the matter is this: All of what is recommended above is a very good thing to do, even if there is no imminent threat.