If You Haven’t Changed Your iCloud Password in the Past Two Years do it Now

Change your iCloud password to stop hackers from wiping out your data

Trying to extort money out of Apple by threatening to wipe out iCloud accounts and reset iPhones is a business model the Turkish Crime Family hacker team will likely learn is flawed at best, but there it is a great reminder to change your online passwords regularly. The list of iCloud logins the group has looks to be at least two years old, so if you haven’t changed your password more recently than that, it’s time right now.

Change your iCloud password to stop hackers from wiping out your data
If your iCloud password is more than a year old, go change it now

The hacker group gave several email addresses and passwords from their list to ZDNet who then sent iMessages to ask if those passwords were still valid. Almost all replied they were, and they hadn’t changed them in at least five years. Of course, they promptly changed their passwords after being contacted by the publication.

One person said the password ZDNet had was changed about two years ago, so that narrows down the window for when the logins were stolen. Based on that, if your iCloud password is at least two years old, it’s time for a change. To be safe, if your password is more than a year old, go ahead and change it—ands enable two-factor authentication.

The hackers are saying they’ll wipe out the accounts on April 7th if Apple hasn’t paid the ransom. Considering that’s not a game Apple is willing to play, updating your password before then is a pretty smart move.

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Oldest Most Voted
Inline Feedbacks
View all comments

This report (and the earlier one referenced in the article) are disingenuous. The list of passwords they have were obtained from breaches in other 3rd party services. Since many people use the same or similar passwords on a lot of Web services, it’s no wonder that the key that fit some other compromised lock (LinkedIn, for example) would also fit Apple’s. Apple has stated categorically (and I believe them) that there have been NO breaches in their service that could have caused password leakage. So if your iCloud password is the same as your LinkedIn password from several years ago,… Read more »


Somebody please clarify. If you have 2-factor authorization activated, will they still be able to wipe your account?


I love how this Aprill 7 Deadline is considered so concrete. Are we supposed to trust extorting hackers as being faithful to their word???