Massive iCloud Hack Shows Criticality of Strong Authentication

Apple has a reputation for building secure systems. The Mac is still far more hack proof than PCs, and the iPhone being a closed system has not been hit with a plethora of malware.

The iCloud had much the same reputation – until this week.

Hackers reportedly successfully compromised millions of iCloud logins. The hackers, dubbed the Turkish Crime Family (but ironically based in London), then demanded Apple given them $100,000 in iTunes cards. This is a takeoff on ransomware. Instead of locking up data and demanding money, the bad guys steal data and want cash for its return. The group has been trying to extort money in return for the log ins from other companies as well.

There is some dispute as the facts of this case. Apple says its iCloud servers were not compromised and whatever data the Turkish Crime Family claims to have come from a hack against LinkedIn some five years ago, Business Insider reported.

Apple may have spoken too fast as the hacker group promptly turned over the data to ZDnet which confirmed that it was iCloud log in data. In fact, the data was enough to help ZDnet contact ten of the victims and confirm that it was their data that was stolen.

As of this writing it not completely clear if Apple was entirely mistaken. One theory still making the rounds is that log in information did come from the LinkedIn hack and that these victims simply reused that log in info for their iCloud accounts. Many users reuse authentication information because complex passwords are so hard to remember.

Meanwhile ZDnet is still trying to get the bottom of it, and believes the compromised credentials did not come from Apple itself.

“Based on our experience and our interactions with the group and its members, it’s evident that the group is naïve and inexperienced. Based on its grandiose claims and its cherry-picking media outlets to cover its claims, it’s also clear that the group is gunning for publicity. When we began asking the group questions, the conversation quickly turned to whether or not CBS News (which like ZDNet is also owned by CBS), would also cover the group’s claims,” ZDnet said.

Apple so far has not asked users to reset their passwords. It did, however, strongly suggest the use of two-factor authentication.

Two-Factor to the Rescue

Often referred to as 2FA, two-factor authentication is a verification process that adds one more layer of credential confirmation to a login process. Also recognized as a multi-factor authentication, 2FA requires the input of the standard password/username combination, as well as, a second piece of information that can only be provided by the authorized individual. With the incorporation of 2FA, cyber-hackers find it far more challenging to access account to steal an identity or obtain crucial confidential information.

In the cyber world, 2FA is now used on a variety of large websites including Yahoo, MSN, Google, and Twitter along with a plethora of banking institutions. By incorporating two-factor authentication into the login process, businesses can dramatically lower the rate of identity theft. It also helps avoid phishing expeditions through email accounts, because the cyber-criminal will need to purloin more than just the standard username and password combination to gain access to accounts and data.

Check out our 2FA Buyers Guide for more information.

Posted by Doug Barney
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.
A bunch of gears on a table

How MSP Market Consolidation Can Work for You

Joining forces for greater efficiencies, growing by gobbling up smaller competitors or complementary firms, cashing out when you can’t coverRead More

People meeting in an voip call

The Power of MSP Community

Normally, our images of community consist of shared tables for meals, after-work drinks at the local watering hole, conferences fullRead More

Connect IT Podcast - Sales Straight Talk, with John Barrows of JBarrows Sales Training

Connecting IT Podcast: Sales Straight Talk with John Barrows

In this new edition of the Connecting IT Podcast, Jim Lippie, Kaseya’s GM and SVP of Partner Development, talks withRead More

Business Woman standing in front of arrows

MSP Benchmark Survey Results Provide Roadmap to Growth

The technology industry has had its share of disruptive moments, but the economic impact of COVID-19 is likely to dwarfRead More

2020 IT Operations Survey Results - Highlighs and Key Takeaways - Watch Now
2020 MSP Benchmark Survey Report