A hacking group called the Turkish Crime Family informed Business Insider that it possesses approximately 600 million iCloud passwords, and that they plan to reset user accounts on April 7th. Please note that Apple denies that there has been a breach of their their systems including iCloud and Apple ID. It appears the information may have been obtained from previously compromised third party services. If an Apple account holder uses the same password across multiple services, there’s a likelihood that their iCloud password is already publicly available.
Recommendations:
- Confirm that all passwords in use are unique. Do not reuse passwords. Use long (12+ characters) and strong (letters, numbers & special characters) passwords. For password best practices recommendations, click here.
- Turn on two factor authentication. For information on two factor authentication for your Apple ID, see https://support.apple.com/en-us/HT204915.
- Check if your account may already be public via https://haveibeenpwned.com
For more information on this threat, please see: http://www.businessinsider.com/apple-id-protect-password-from-turkish-crime-family-hack-2017-3