Recent hack threats on iCloud have caused concern about the security of the data of over 782 million iCloud users. According to several media sources, hackers are demanding Apple pay a ransom in bitcoin or they'll expose millions of iCloud account credentials and could potentially remotely erase customer iPhones, iPads, or Macs, causing a catastrophic loss of personal data. With so many people using their Apple devices in the workplace, this could result in huge losses of business data and productivity.
ZDNet reported on March 24, “So far, we know that a London-based hacker group, calling itself the Turkish Crime Family, has claimed to have access to 250 million accounts (at the time of writing). The hackers are threatening to reset the passwords on those iCloud accounts and remotely wipe iPhones if Apple doesn't pay a ransom by April 7.”
Apple has responded that it has not been hacked, saying “the data came from ‘previously compromised third-party services.’” The hackers confirm that the breached accounts do indeed come from other sites and services, so that means people using the same password on several sites, including their iCloud account, are most vulnerable.
Apple has historically been considered a relatively safe platform, however, as the number of infections and new threats rises, Apple users can no longer be complacent about iCloud security and should take some basic steps to protect their data. Below are some important steps you can take today to secure your device.
- Change your Apple iCloud password through this link. Look for the green padlock icon in the address bar and that the web address clearly says "iforgot.apple.com". Your Apple ID and iCloud ID are the same and they use the same password. Use a strong password that is long, includes special characters, does not repeat between accounts, and is changed often. (We have covered passwords and passphrases in previous articles: How Secure is Your Password and The New Language of Data Security: From Passwords to Passphrases.) Apple will require that you use a capital letter, at least one number and one special character.
- Use Two Factor Authentication (2FA) for Apple, which is not as user-friendly as (and more labor intensive than) many other 2FA set-ups, but it works. Here’s how you do it (from ZDNet):
When you activate 2FA, you can access your account only from trusted devices such as your iPhone, iPad, or Mac. When you want to sign in to a new device for the first time, you will need your Apple ID password and the six-digit verification code that's automatically displayed on your trusted device.
To use Apple 2FA, you'll also need a trusted cell phone number so you can receive verification codes. To add a trusted phone number, take the following steps:
1. Go to your Apple ID account page
2. Sign in with your Apple ID
3. Go to the Security section and click Edit
4. Click “Add a Trusted Phone Number” and enter the phone number
Now, you're ready to turn on Apple 2FA.On your iPhone, iPad, or iPod touch with iOS 9 or later:
1. Go to Settings > iCloud > tap your Apple ID
2. Tap Password & Security
3. Tap Turn on Two-Factor Authentication
4. On your Mac with OS X El Capitan or later:
a. Go to Apple menu > System Preferences > iCloud > Account Details
b. Click Security
c. Click Turn on Two-Factor Authentication
Whew! You did it and now your Apple devices are more secure… but did you back up your data in case your iCloud is wiped out?
For your iPhone, iPad, or iPod, the easiest way to do this is to back up your device's files to your Mac or PC with an iTunes backup. But, to be safe, you really must change and secure your password because iTunes doesn't back everything up. For example, it won't back up your Apple Pay information and settings, photos already on iCloud, or purchased iTunes and App Stores content.
For all laptops, including Macs, we strongly recommend (and can provide) online file backup. Online backup services store the contents of your computer's hard drive, such as your important documents and media files, through the Internet using a third party online backup service. If your hard drive crashes, your computer is stolen, your iCloud data is wiped out, or you otherwise lose access to important data, online backup services give you the ability to quickly restore any lost information. (See more about online backup services here.)
The news that millions of iCloud accounts may have been compromised is very concerning. However, the silver lining may be that people, including Apple users, have received a wake-up call to be more deliberate in securing data and their devices – even if it is a little bit inconvenient.