A group of hackers who claim to have access to a large amount of iCloud (Apple ID) logins are threatening to wipe the accounts if Apple doesn't pay a ransom by April 7. The hackers didn't breach iCloud to get the data but collected it from a variety of other sources, including breaches of LinkedIn and Last.fm where identical passwords were used for accounts.
If you have any concerns whatsoever about the security of your iCloud account, you're going to want to change your Apple ID password immediately and, if you haven't already, turn on two-factor authentication.
You're sure iCloud hasn't been hacked?
Pretty sure. Even the hackers say they didn't breach iCloud to get this data.
Has Apple said anything?
Yes, in a statement to CNET, Apple said:
Then how did the hackers get the passwords?
Looks like they were aggregated from a variety of other sources. ZDNET has done some digging:
How can hacking one system get you data for another?
At the risk of making a bad analogy: If your cottage has the exact same front door key as your house, and someone steals your cottage key, you need to change your house key as well or the thief can get into both.
If your cottage and your home have different front-door keys, if someone steals your cottage key, they can't also use it to get into your house.
In other words, if you used the same password for iCloud that you used for LinkedIn, Last.fm, or any other system that has even potentially been exposed over the last several years — and Yahoo! alone has had hundreds of millions of accounts exposed —by getting the LinkedIn or Last.fm password, they also got your Apple ID password.
So, you need to change your iCloud password?
If you used the same password for another account that you used for your Apple ID password, you need to change your password. If you don't remember whether or not you re-used a password, you're going to want to change your password. If you've done anything other than use long, strong, unique pseudo-random passwords generated by a password manager app like 1Password or Lastpass, you're going to want to change your password.
And turn on two-factor authentication (2FA), right?
Yes! With two-factor authentication, even if someone, somehow, does get your iCloud password, they still won't be able to access your account, change it, delete it, or attack it or you in any way. Because they won't have the two-factor code in addition to the password, and that keeps them locked out.
It's like having a key and a combination lock on your house, but the combination lock is changing all the time and only you know how to get the current one. Nothing's perfect, but 2FA makes you significantly safer than a password alone.
Why does this keep happening?
Data is valuable. Data is power. Data is money.
It's why Google and Facebook want it. It's why banks and health organizations need to protect it. It's your personal, private pictures, your financial accounts, your medical records, your intimate communications — it's more about you than you likely remember at any given times.
Stealing it is a way to extort, blackmail, defraud, and otherwise profit from your data. Long, strong, unique passwords and two-factor authentication is a way to protect yourself.
Any iCloud, Apple ID, or password questions?
If you have any questions about iCloud, your Apple ID, or passwords in general, drop them in the comments below!
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.