A hacker group claiming to have access to hundreds of millions of iCloud accounts threatened to remotely wipe iPhones associated to these accounts unless Apple pays a ransom amounting to up to $100,000 in cryptocurrency or iTunes gift cards. Just as we suspected at the time, Apple has now confirmed that its servers were not breached. But that doesn’t change the fact that some hackers out there believe they can remotely wipe iPhones linked to certain Apple IDs… so it’s time to change passwords again.
“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” a company spokesperson told Fortune. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
Apple did not confirm the authenticity of the data the Turkish Crime Family says it has, as the report notes. A person familiar with the email accounts and passwords contained in that data set says it matched the LinkedIn breach from 2012 when hackers grabbed information tied to more than 100 million accounts.
The LinkedIn hack was only revealed last year, but that’s enough of a reason to change your passwords, especially if you haven’t done it since then — and especially if you use the same password for several different accounts, including the Apple ID you use on your iPhone.
Apple, meanwhile, is “actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved,” the same spokesperson said. “To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”
The company says it has taken measures according to “standard procedure,” without elaborating on what’s been done.