Hackers threaten to wipe millions of iCloud accounts if Apple doesn’t pay up by 7 April - Webroot comment
March 2017 by David Kennerley, director of threat research at Webroot
Following the news that a group of hackers have gained access to over 200 million iCloud and Apple email accounts, and is threatening to wipe the user data if Apple doesn’t pay a ransom, David Kennerley, Director of Threat Research at Webroot, comments:
"If this is proven to be a legitimate breach the consequences for Apple and its millions of users would be far reaching. There’s a lot of questions that need to be answered such as, do these hackers really have access to the data they claim? How did they get hold of such a large amount of data? Was it a vulnerability in Apple’s infrastructure or breach of third-party tool or organisation? Or does the fault lie with good old password re-usage between sites and apps from a consumer side?
The big question for Apple is what procedures are in place to prevent the destructive action threatened by the hackers? Without a full understanding of what the hackers really have, the true quantity and how they came by it, everything thereafter can only be a best-guess scenario. Whether this proves to be huge news, or no news at all - it’s always good to remind ourselves, no matter the reputation of the organisation that we trust to protect our digital lives we should always take extra measures to protect our own privacy and data.
Users should use different passwords for each website used, this can get complicated so a password manager, may be the best option. Never give out your passwords to anyone and always be careful when opening email attachments, do you recognise the sender? Be careful clicking on links within emails, instead of clicking on the link, visit the website in question directly. Back up your data to multiple places and for really important info an offline copy may be a good option. Crucially, keep your systems and apps up-to-date. Zero-day exploits aren’t always the ones doing the damage, it’s those tried and tested ones attacking systems that have been left unpatched. Finally look towards threat intelligence solutions whether on you mobile device or desktop - these products have never been so important as they are today!"