A group of hackers calling themselves Turkish Crime Family are claiming to have obtained the login credentials of 627 million Apple users. The group are threatening to wipe the iCloud accounts and Apple devices of 200m users on 7th April 2017 unless Apple meets their demand of $75,000 in cryptocurrency.
While it’s unclear how seriously we should take these claims, the threat serves as a reminder that we are putting more and more of our photos, documents and other data into the cloud. Now would be a very good time to make sure that your data is protected.
I’m recommending that anyone with an Apple ID should do both of the following before 7th April:
- Change the password for your Apple ID
- Add two-factor authentication to your Apple ID
These guides from Apple Support show you what to do next:
How credible is the threat?
A member of the hacking group Turkish Crime Family contacted the Motherboard blog with screenshots appearing to show an email conversation with an Apple employee. In the conversation, the alleged Apple employee asked for samples of the stolen data to back up their ransom demand. The hacker responded with a YouTube video in which they appeared to log into stolen accounts. After seeing the video, the employee is alleged to have responded “we would like you to know that we do not reward cyber criminals for breaking the law” – suggesting that it is Apple’s policy not to pay any ransom demand. Apple have not commented on the validity of the accounts they were shown.
The hackers undoubtedly have access to a number of Apple accounts; the question is whether they have as many as they claim. A figure as high as 627 million accounts is far higher than anything we’ve previously heard of.
Even if the hackers really do have the number of accounts they claim, can they erase them all? Accessing 200m accounts and wiping the data contained in them would take vast resources, particularly given the strong security measures Apple hopefully have in place to block such a sustained attack.
What is almost certain is that if the hackers are successful, we will hear about it shortly after 7th April.
How did hackers get hold of the accounts?
Speaking to Fortune, Apple stated that whatever account data the group holds has not come from a hack of Apple. “There have not been any breaches in any of Apple’s systems including iCloud and Apple ID … The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services,” an Apple spokesperson said.
One such hack is the 2012 breach of LinkedIn, in which email addresses and passwords of 117m users of the social network were stolen. A report by Ofcom last year found that four in ten users said they tended to use the same passwords for most websites. So we can assume that a good chunk of those 117m LinkedIn users were using the same password elsewhere – some of them with an Apple ID.
Another way criminals get hold of login details is simply by asking for them. In recent phishing campaigns, users have received an email, purportedly from Apple, asking them to confirm their Apple ID password. The emails are starting to look so convincing that people often don’t realise they have handed over the password that guards their iPhone.
What do I need to do?
We don’t know what is going to happen on 7th April, but I would recommend that anyone with an Apple ID should change their password to one that they don’t use anywhere else.
I also recommend switching on two-factor authentication. This is an extra layer of security that sends a code to your Apple device every time you try to sign in with your Apple password. Even if a hacker knew your password, it would be useless to them unless they had their hands on your iPhone.
Apple provide instructions for changing your password and for two-factor authentication:
Please share this email with anyone else you know with an iPhone or iPad. If you need assistance, I can arrange a home visit to ensure that your Apple devices are fully secured.