iphone-imgA UK hacking group called the “Turkish Crime Family” is claiming (more on this in a moment) that they have a database of between 200 and 750 million (depending on which report you read) iCloud.com, me.com and mac.com email addresses and credentials, which they will attack on April 7 unless Apple pays them $75,000 in cryptocurrency or gives them $100,000 in iTunes vouchers. The attack will include erasing all the data on the devices and/or compromising all the data.

Apple has denied that their systems were compromised, so the question becomes: Is this claim completely false OR did they get the data from a source other than Apple?

While Apple has denied their systems were compromised – the hackers supplied sample data to a news organization, which confirmed the data was accurate, and some of the users they contacted said the passwords were only used for their iCloud accounts (which puts Apple’s statement at doubt).

Additionally, the unfortunate answer to the ‘source other than Apple’ question appears to be yes. Apparently, the criminals have been collating info from other security breaches both large (like Yahoo and LinkedIn) and small along with info from social media to create the database that will be used for the attack. The key to this is: people oftentimes use the same password for multiple sites, which makes them completely vulnerable to these types of attacks.

So, what can you do to protect yourself from this threat? It’s simple:

  1. Change your Apple ID password (especially if it hasn’t been changed in the last 90 days, or if it’s shared with other non-Apple services) http://www.wikihow.com/Change-Your-Apple-ID-Password
  2. Turn on two factor authentication on your Apple account https://support.apple.com/en-us/HT204915

What can you do in general to minimize this threat in your digital life?

  1. Don't use the same password across various services/vendors
  2. If a service supports two-factor authentication (most do), turn it on (just Google the service name and “two factor” to get instructions)
  3. Make sure your passwords are long, random, and unique


Our next few Blog Posts will be dedicated to covering this issue. Make sure to read them and they will help you navigate the uncertainty of passwords and making sure you are protected.

For access to the full length articles (with tips on addressing issues) please subscribe to our monthly informative newsletters by inputting your first name and business email address.

Copywright 2017 Partners Plus