In what seems to be not a particularly good mission from Grand Theft Auto V, a group calling itself the “Turkish Crime Family” is holding what it claims are 300 million Apple iCloud accounts ransom, unless Apple pays the surprisingly low sum of $75,000 in Bitcoin, or $100,000 in iTunes credit (hey, Clash of Clans doesn’t pay for itself — maybe the Turkish Crime Family just wants to climb the leaderboards).
The threat: If the Turkish Crime Family isn’t paid by April 7, it’ll start wiping iPhones remotely, using the credentials it ostensibly has. So far, there’s been no threat of leaking or dumping any of the information from users’ phones onto the internet, so this would be more a matter of annoying millions, rather than violating the privacy of millions.
“I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing,” one of the hackers told Motherboard.
For its part, Apple says the Turkish Crime Family doesn’t even have the goods (which may explain why the hackers are seeking just 3/10,000ths of a penny per iCloud account).
“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services,” Apple said in a statement.
“We’re actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved. To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”
Still, if you’re feeling worried, here’s how to change your password and turn on two-factor authentication, which should keep you safe — regardless of whether your info is in the control of a hacker group that sounds like it would also sell mixtapes outside subway stops.
To change your iCloud password:
If you know your Apple ID password and want to change it, follow these steps:
1. Head over to your Apple ID account page.
2. Find the Security section, and click Change Password.
3. Enter your current password, then enter a new password and confirm the new password.
4. Click Change Password.
If you’ve forgotten your password (it happens!), you can always go to Apple Support to reset it.
To turn on two-factor authentication:
On your iPhone, iPad, or iPod touch with iOS 9 or later:
1. Open Settings, go to iCloud, and then tap your Apple ID.
2. Tap Password & Security.
3. Tap Turn on Two-Factor Authentication.
On your Mac with OS X El Capitan or later:
1. Go to System Preferences, then iCloud, then Account Details.
2. Click Security.
3.Click Turn on Two-Factor Authentication.
Remember that two-factor authentication will require a little extra out of you. The great thing about two-factor authentication is it presents some extra hoops for any malicious actor trying to access your personal data. The bad thing is, you’ll also need to keep a trusted device that can receive SMS messages, as well as set up a 14-number recovery password, should that fail.
Apple can, should you really mess them all up, eventually let you back into your account if you really lose everything. But it can take a while. But iCloud hacks (and massive data leaks) are only on the rise — the added hassle of two-factor authentication is more than worth it.