IS YOUR APPLE ACCOUNT VULNERABLE?
If we are to believe both the CIO and Motherboard reports (both highly respected news sources), a hacking group named Turkish Crime Family has cracked more than 627 million Apple iCloud accounts. Of these, over 220 million have been verified to be working accounts. We don't know about the other 407 million accounts.
The group has provided evidence of emails between them and Apple security, asking for $75,000 in Bitcoin or Ethereum, $100,000 in iTunes gift cards, or $150,000, in exchange for deleting their cache of accounts and passwords. If payment is not made by April 7, 2017, they threaten to remotely wipe the devices (Macintosh computers, iPhones, and iPads) attached to the accounts.
Is the threat legitimate? I doubt any of us will know with certainty until after April 7. However, ZDnet, one of the most respected names in IT news, has reported they received a small subset of these vulnerable accounts and passwords, and all check out as legitamate. The situation highlights the importance of being mindful of how we approach security in our digital lives.
Apple accounts have no mystical repellant to hacking. They are every bit as vulnerable as any other internet-based system. It is based on entering the proper username and password. A criminal only needs to setup an automated cracking system, rent server farm processing for a few dollars an hour, and it doesn't take too long to discover the credentials to hundreds of millions of accounts.
Which is the reason 2-factor authentication is so vital to account security. And lucky you–Apple makes 2-factor authentication available as a free (and recommended) option. But it is not on by default.
Only Apple accounts without 2-factor authentication have been compromised. If you have this enabled, you've little to be concerned about (at least regarding this area of security). If you don't have it enabled, I very strongly recommend that you take the 5 minutes to enable 2-factor authentication NOW.
Each of the Practical Paranoia Security Essentials books detail how to enable this critical security measure. The macOS 10.12 book gives an illustrated, step-by-step for enabling it specifically for Apple accounts.
Chapter 16 of Practical Paranoia macOS 10.12 Security Essentials is available for free, so that you may immediately secure your Apple account. It may be downloaded here Practical Paranoia macOS 10.12 Chapter 16 Apple ID.
Once you have enabled 2-factor authentication for your Apple account, remember that this is just one small (although highly vulnerable) aspect of Macintosh, iPhone, and iPad security. A home break-in may net the criminals a few TV's, jewelry, and that bottle of wine you've been saving for a special occasion. An iCloud break-in may net the criminals your bank account, credit cards, and identity.
The only place to show you everything you need to know about device security, also just happens to be the easiest. Practical Paranoia Security Essentials is available for Android, iOS, macOS, and Windows. Available in paperback, kindle, and online pdf (students only). Visit http://thepracticalparanoid.com for more information, and to order.