Quietly, a group of hackers called the Turkish Crime Family announced on Twitter that they plan to factory reset 300 million iCloud accounts on April 7th. The news hasn’t been widely spread, mainly because there is a question of the data’s legitimacy. They’ve demanded $70,000 from Apple, but Apple seems uninterested in their threats since no payouts have been made.
If you have an iPhone or an iPad, you probably have an iCloud account. An iCloud account is how you never lose data even if you switch to newer Apple devices. When you connect to an open Wi-Fi connection (either at home or at a public place), your iPhone and iPad will synchronize data with the cloud so that you get a backup of your settings, applications, emails, text messages and pictures.
Some Apple users have reported suspicious activity on their devices and feel that it could be signs that the hacking group will keep their promise. Apple made a statement that no serious security breaches were made, and it’s apparent they don’t believe the hackers have access to millions of accounts. Apple could potentially force users to reset their passwords, but as of now no reset requirements have been pushed to iCloud users.
The hackers sent Motherboard several emails they exchanged back and forth with Apple. Apple later responded that they would not reward criminals, and the data was from aggregate hacked accounts found across the Internet.
“The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services,” Apple said.
ZDnet contacted ten of the users found in the sample list and all ten users admitted that the passwords were indeed theirs. It’s still unclear if the credentials exposed were from smaller breaches that the hackers aggregated and plan to use for extortion. It’s not uncommon for hackers to buy smaller lists on DarkNet, put them together in one list, and then resell them as new accounts.
If you have an iCloud account, you have two options before April 7th.
- Change your iCloud password
- Sign up for two-factor authentication
You can change your iCloud password in the settings on your device. Go to Settings and scroll down to the iCloud link. If you are already signed in, you will see your email address under the iCloud settings icon.