Over the last week, there have been reports of a gang, calling themselves the Turkish Crime Family, promising to delete data from millions of iCloud accounts.
Apple’s response was that their systems weren’t breached and that the potential attack is likely the result of users having their credentials stolen in other breaches.
In my view, Apple’s response was correct but it seriously understated the threat.
We all face a significant challenge – managing the hundreds of different user accounts we accumulate while online. And the bad guys’ most powerful tool for breaking into systems and stealing data is compromising a user account.
It doesn’t matter how strong a computer’s or business’s security is. If someone has your username and password, then it’s game over.
In order to access iCloud accounts, the Turkish Crime Family doesn’t need to hack Apple. If we take Apple at its word – and I have no reason to doubt them – the iCloud accounts that may be compromised will have the same username or email address and password as an account that was compromised in some other breach.
So, what should you do?
I implore every iCloud account holder to change their password to one that they do not use on any other service.
And enable two-factor authentication. This will ensure any attempt to log into your account will require a six-digit code to be entered. That code will be sent to another device you own and trust, so even if a hacker has your password, they won’t be able to log into your account.