If you were worried that hackers might wipe millions of iPhones, Macs and iCloud accounts, there’s some good news today.
If you remember, a group calling itself the “Turkish Crime Family” was claiming to have a stolen database of millions of Apple customer credentials, and threatening to wipe them remotely unless Apple agreed to pay a ransom demand by April 7th.
As news of the Turkish Crime Family’s threats began to make headlines, there was a worrying silence from Apple, which can’t have done much to reassure its customers.
But now, in a statement issued to Fortune, Apple has declared that its systems had not been hacked:
“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”
All of which, of course, does not necessarily mean that hackers don’t have their sweaty paws on Apple customers’ usernames and passwords. After all, they may have grabbed them courtesy of one of the other high-profile megabreaches (LinkedIn and Yahoo spring instantly to mind).
But don’t worry: if the extortionists do still follow through with their threats, Apple isn’t leaving its users high and dry:
“Apple is actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”
Frankly, this is great advice.
Yes, you should always have strong, hard-to-crack passwords. And you should always ensure that your password is unique, and not being used on any other sites.
But more than that, enable two-factor authentication (2FA) on your Apple-related accounts. 2FA is the arch enemy of account hackers, because it means that they’ll need more than just your password to gain access.
In all likelihood, anyone attempting to break into your 2FA-protected account will simply find it too difficult – and attempt to find someone else who has been less diligent about defending their online lives.
There is little reason for you to feel nervous if you have been following the advice we have been offering here on the Hot for Security blog for years: make your passwords strong, make them impossible to guess, make them unique, and enable two-factor authentication to harden your account security.
If you adopt best password practices you will have dramatically reduced the chances of having your account compromised and – if it ever does happen – reduced the impact that it will have on the rest of your online existence.
Meanwhile, it remains to be seen if the Turkish Crime Family follow through with their threats. Until we see evidence to the contrary, I think it might be wise to be a little skeptical – whilst still ensuring that our accounts are properly secured.