A brazen group of hackers calling themselves the “Turkish Crime Family” claims to have more than half a million user names and passwords for a variety of Apple-based services, including mac.com, me.com and icloud.com. Unless their demands are met and the company pays a hefty $150,000, the group is threatening to erase everything in all of those user accounts.
Since their demand was initially made, they’ve followed up by saying that they have verified that more than 220 million of the login credentials work, and reiterated their payment demands.
While Apple itself has not responded publicly to the threat, if you use any of the services mentioned above, know that hackers are notoriously unpredictable. Even if the company pays the fine, there is no guarantee that your data wouldn’t be compromised anyway, just out of spite.
Since there’s no way of knowing which of the users accounts on those services have been impacted, your best course of action is to change your passwords immediately.
Once more, this serves as a painful reminder about password security, because the sad reality is that too many people utilize the same password across multiple web properties for the sake of convenience.
If you’re one of those people and your iCloud account’s credentials have been stolen, you’ve just inadvertently given the hackers your password to any other service you’ve used that same password on. That could put your bank account, one or more of your credit cards and more at risk.
Again, with no way to know whose accounts have been compromised and whose haven’t, your best course of action if you use any of these services is to change your password immediately. If you’re using the same password on multiple websites, change those as well, or consider yourself at risk.