A group of hackers claims to have access to a large number of iCloud and Apple email accounts. Allegedly there are hundreds of millions of stolen accounts and passwords in the database, which media outlets have not been able to fully verify. Apple responded by confirming there have been no breaches in any of their systems. So where did the Apple accounts leak from?
According to Fortune, a person familiar with the list of accounts says it matches data leaked in a 2012 hack of LinkedIn. Other breaches of third-party services such as Yahoo and Dropbox could also be a factor. In many cases, customers use the same sign in or password across many services, leaving them vulnerable to attack.
The hacking group has threatened to remotely wipe iPhones using the iCloud data unless Apple pays a ransom. It's not clear how many iOS devices are at risk, or if the group is capable of carrying out the threat.
iPhone, iPad and iPod touch owners should enable 2-step authentication to keep their devices safe from intrusion. Apple also recommends using a strong password, and having unique passwords for each different account, including your Apple ID. Apple gave Motherboard the following statement:
"There have not been any breaches in any of Apple's systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.We're actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication."
Keep your Apple ID and iCloud account secure by updating your password, then click here for instructions on how to enable two-factor authentication for extra protection.