News broke earlier this week that “hackers” were trying to extort Apple for $150,000 in Bitcoin, threatening to otherwise reset the iCloud accounts of, and remotely wipe, somewhere between 300 and 600 million iCloud users.
The allegations themselves are highly suspect. However, given recent major security breaches at other cloud service providers, people who use the same compromised username and password for their Apple ID are at risk.
Apple has refused to pay the ransom, a move which I personally applaud them for. Apple issued a statement to Fortune stating:
“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID, … the alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
Protecting yourself from a breach like this is not difficult.
- Do not reuse passwords across services
- Consider using a password manager to ensure that you have strong unique passwords across all your various accounts
- Turn on two-factor authentication for your Apple ID and other services that support it
- Have good local backups of your devices so you can recover data in the event of a loss
- Help your friends and family implement these procedures as well