Turkish Crime Family iCloud Data Provided To ZDNet Proven To Be Valid

It may be a bit too early to blow of the so called Turkish Crime Family and their threat to cause digital harm to millions of iCloud users. I say that because ZDNet posted a story saying that it had received a set of 54 account credentials from the hacker group for “verification” and subsequently reported that all of the accounts were valid, based on a check using Apple’s online password reset function. What’s interesting is that ZDNet also contact each account holder via iMessage to confirm their password, and found that many of the accounts are no longer registered with Apple’s messaging platform. However, of those that could be contacted, 10 people who were all based in the U.K. confirmed that the passwords were accurate, and they have changed them as a result.

Now these passwords could have been acquired in a number of ways. For example, Yahoo gets hacked and because people tend to use the same password for everything, the rest of their digital lives is under threat. It doesn’t prove that the so called Turkish Crime Family have pwned Apple at all. Which would be consistent with what Apple said yesterday. Also, it is entirely possible that this is all that they have. I say that because of this:

A person representing the group, who is allegedly no longer a member, told me that the data is “handled in groups”, but would not explain how or why. The hackers refused to hand over a US-based sample of accounts

My $0.02 worth? There is a strong likelihood that this is bogus. If someone had some sort of epic exploit on a company like Apple, they’d be asking for way more than $75,000 and they would have provided far more proof that Apple had been pwned. That isn’t the case here. But it doesn’t mean that you shouldn’t take precautions. You should look at your iCloud account in terms of how secure it is. Consider using a strong password that is distinct from other passwords that you have and enabling two factor authentication to ensure that you are as secure as possible. After all, you should do everything possible to avoid getting pwned by this group or any other group of hackers.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: