Is your AppleID at risk on April 7th?
On March 21st, Motherboard announced that a group called the Turkish Crime Family had issued an ultimatum that unless Apple paid a ransom (ranging from $100,000 to $1M), 600 million Apple devices (phones, tablets and Macs) would be compromised, leading to theft of data and permanent erasure. The target date is April 7th.
The group has provided a subset of a list of AppleID credentials to various media sources to permit them to verify the credentials with their owners. It appears that there is some validity to the claim.
Apple claims that their servers have not been compromised and there is not a systemic risk to Apple devices. They believe that the credentials were part of the list of credentials stolen from LinkedIn.
Oh my Gawd!!! What should I do????
At the bottom of this post, I have some recommended actions that you should take.
But first, let’s look at this threat in a little more detail. First and foremost, the risk to Apple devices is most likely overblown. If they have a dump of usernames/passwords from other sources, they would be depending on folks using the same credentials across the accounts. Many folks do this and this would account for a significant number (certainly north of a million), but not 600 million.
Next, this is likely a credentials hack, since that’s the proof they’ve given. If they’d somehow managed access to the Apple servers in a manner that would allow a remote control erasure of devices from their servers, they’d have erased a chunk of devices to prove to Apple they could do it.
That said, make no mistake: There is a significant chance that your Apple devices are at real risk. If you use the same password at multiple places, including for your AppleID, your risk is even higher.
Before discussing what you can do to mitigate your risk, one more comment on your AppleID. In past posts, I’ve discussed password management and the fact that certain accounts need more secure passwords than others. In these discussions, I focused primarily on financial and Cloud accounts. After all, that’s where your assets are controlled.
However, this issue has brought into sharp relief the importance of controlling your AppleID (and for Android users, your Google) credentials. These specific accounts are the master key into your digital realm.
Specifically for this issue, I’d recommend that you do two things to protect your Apple devices and the data stored on them (and in the iCloud):
- Change your AppleID password — Change your password to something that’s unique to your AppleID account and that is difficult to crack. I’d argue this could be a more important password than even your banking password. It should be long (more than 8 characters) and contain special characters and numbers. If you search for “How do I create a secure password” online, you’ll find plenty of sites with specifics. Also, this blog has several posts on the subject. This might be a great time to consider using a password manager. Keychain on Apple devices is very good, or possibly other third-party managers. Do this ASAP and do not wait until April 6th. There is no reason to believe that April 7th is the real date.
- Enable two-factor authentication — This will add the step of requiring additional authentication before taking action. This is something you should enable on all sensitive accounts, such as financial ones. The Apple version will also notify you immediately on all your devices when someone is attempting to access your account from a new source.
To do either of these actions, go to https://appleid.apple.com, log in and you’ll be presented with a screen that will allow you to change your password as well as to enable two-factor authentication if not currently enabled.
One final comment: If you’re an Android user, I’d recommend taking similar actions on your Google account. There is no doubt that if they have credentials to compromise AppleID accounts, they can also apply this to Google accounts.