Reports that as many as 40 million iCloud accounts have been compromised by Russian attackers have not been confirmed by Apple. But they haven’t been denied either.
“For now, let’s assume there hasn’t been a massive iCloud data breach,” writes Steve Ragan at CISO.
So… what do the reported attacks look like?
“It starts with a compromised Apple ID. From there, the attacker uses Find My iPhone and places the victim’s device into lost mode,” Ragan writes. “At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it.”
Then they demand the ransom — usually $30 to $50 or all the data will be deleted.
What can you do to avoid such an attack?
Get your security basics right.
“So make sure that you have a unique, hard-to-crack, hard-to-guess password protecting your Apple ID account,” Graham Culey writes. “And, if you haven’t already done so, I strongly recommend enabling two-step verification on your Apple ID account to make it harder for hackers to break in.”
It’s about a four-minute process. So do it. Now.
You start by logging into your Apple ID.
And while you’re thinking about it, why don’t you activate two-factor authentication on any account you can — especially Google, which calls it “two-step verification” even though it’s really “two-factor” since it involves your phone, and Facebook, which calls it “Login Approvals.”