If You Haven’t Changed Your iCloud Password in the Past Two Years do it Now

1 minute read
| News

Trying to extort money out of Apple by threatening to wipe out iCloud accounts and reset iPhones is a business model the Turkish Crime Family hacker team will likely learn is flawed at best, but there it is a great reminder to change your online passwords regularly. The list of iCloud logins the group has looks to be at least two years old, so if you haven’t changed your password more recently than that, it’s time right now.

Change your iCloud password to stop hackers from wiping out your data

If your iCloud password is more than a year old, go change it now

The hacker group gave several email addresses and passwords from their list to ZDNet who then sent iMessages to ask if those passwords were still valid. Almost all replied they were, and they hadn’t changed them in at least five years. Of course, they promptly changed their passwords after being contacted by the publication.

One person said the password ZDNet had was changed about two years ago, so that narrows down the window for when the logins were stolen. Based on that, if your iCloud password is at least two years old, it’s time for a change. To be safe, if your password is more than a year old, go ahead and change it—ands enable two-factor authentication.

The hackers are saying they’ll wipe out the accounts on April 7th if Apple hasn’t paid the ransom. Considering that’s not a game Apple is willing to play, updating your password before then is a pretty smart move.

3 Comments Add a comment

  1. francini@mac.com

    This report (and the earlier one referenced in the article) are disingenuous.

    The list of passwords they have were obtained from breaches in other 3rd party services. Since many people use the same or similar passwords on a lot of Web services, it’s no wonder that the key that fit some other compromised lock (LinkedIn, for example) would also fit Apple’s.

    Apple has stated categorically (and I believe them) that there have been NO breaches in their service that could have caused password leakage.

    So if your iCloud password is the same as your LinkedIn password from several years ago, then, yes, go change it. Otherwise, stop worrying that the ‘sky is falling’ and get on with your life.

    I also disagree very strongly with the “change your password frequently” mantra. All that does, especially in ordinary (and especially elderly) users is create tons of confusion, causing them to have to maintain long lists of passwords for services, often on paper, sometimes in documents on their computer. And yes, they could use 3rd party password-management programs, but those have their own quirks, are hard for the non-computer-literate to learn, and exhibit confusing behaviors that can flummox non-computer-literate users. [I see this regularly amongst the elderly Mac users I support.]

    Apple’s own password manager is an exception — it works reasonably seamlessly. Unless you use apps that don’t support it, like Chrome or Firefox.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account