No One's Hacking Apple Accounts — But Protect Yours Anyway
You may have heard that a team of hackers calling itself the "Turkish Crime Family" was planning to wipe the data from millions of iPhones and iCloud accounts unless Apple coughed up some dough. It may sound like an enterprising scheme, but Apple has flatly denied that such a thing is possible.
Fortune received a response from Apple about the overblown threat, and a representative explained that Apple's back-end security is as solid as it's ever been. So before you blow up Apple's inbox with panicked pleas, take a moment to put things in perspective. It's highly unlikely that anyone has compromised Apple's servers, let alone a no-name hacker group that has been around for all of a week.
Furthermore, if you're concerned about your iCloud account’s integrity, protecting it is as simple as activating Apple's two-factor authentication. Even if a hacker had your username and password, he or she would still not be able to access your account, or remotely wipe the data from your phone, without physical access to the smartphone. You could also change your iCloud password. You definitely want to make sure your iCloud password isn't the same as the password for any other account.
If you absolutely insist on taking the hackers at their word (and if so, man, have I got a bridge in Brooklyn to sell you), you could also remove all your personal data and photos from iCloud and store them somewhere else instead. Google Photos is available for iOS and also automatically backs up and labels your photos as you take them. Then, if a different hacker group makes spurious claims about Google accounts instead, you can migrate your data back to iCloud. It's the unbroken circle of tech.
The improbable story of a widespread Apple hack cropped up on Mar. 21 when the Turkish Crime Family contacted Motherboard with a purported email exchange the group had with Apple. (Screenshots, only, of course; wouldn't want the threat to appear too credible.) The group also uploaded a YouTube video in which it appeared to compromise an elderly woman's iCloud account.
If this all sounds a little fishy to you, you're not alone. Even Sherlock Holmes would regard an isolated account hack and a screenshot of an email exchange as insufficient evidence. Still, the Turkish Crime Family is brazen, if nothing else. It's demanded $75,000 in Bitcoin or $100,000 in Apple gift cards from the iPhone manufacturer, or else, it claims, it will hijack and erase 200 million, or 300 million, or 500 million — the group can't get its numbers straight — iPhones and iCloud accounts.
"There have not been any breaches in any of Apple’s systems including iCloud and Apple ID," an Apple representative told Fortune. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services."
In addition to the flimsy evidence, take a moment to consider the group's demands. If you were really a cold-hearted cybercriminal and had a way to hack the world's most powerful tech giant, you wouldn't set your sights so low. If you really wanted $75,000, you could get that — and a lot more — simply by sifting through the files of rich and powerful iPhone users.
Fortune also does not put much stock in the hackers' claims. One of its sources claimed that the data set contains email addresses and passwords from the high-profile LinkedIn breach committed in 2012, but only fully revealed last year. While there's no doubt that many users employ the same username and password for their LinkedIn and Apple accounts, that's not nearly the same thing as being able to hack iPhone users indiscriminately.