Will iCloud 'hack' help kill online security questions? There is no such thing as a 'private naked selfie' and Apple's online security questions don't improve the situation. Leslie Jones’ Personal Information & iCloud Hack Being Investigated By Homeland Security Leslie Jones' major personal information and website hack is now in the hands of Homeland Security.
You probably remember the massive iCloud breach in 2014 that resulted in compromised celebrity photos spreading through the internet like wildfire. That egregious invasion of privacy caused great embarrassment and damage to the reputations of nearly 100 A-list stars.
Fortunately, these bad deeds did not go unpunished. In 2016, two men were brought to justice for running the phishing scam used to obtain the celebrities’ iCloud usernames and passwords. However, these isolated arrests don’t mean everyone is now safe from iCloud hacks. On the contrary, even if you aren’t a celebrity, the dangers of cybercrime via iCloud are real no matter who you are or where you live.
In fact, in July 2016, CSO reported that up to 40 million iCloud accounts were targeted by Russian hackers as part of a ransom scheme that shut down Apple devices if payment was not delivered. That’s a sky-high and somewhat abstract number, and by their own admission, CSO doesn’t know how many accounts were actually breached. However, in my own firsthand experience, two people I know recently had their iCloud accounts compromised in the same week.
Anatomy of an iCloud hack
You’ve heard the cybersecurity ransom story before. A victim receives a mysterious message threatening to lock or wipe their device if they don’t pay up as soon as possible, and the hackers typically aren’t bluffing. In the case of an iCloud hack, malicious actors can lock you out of your device and remotely wipe all of your data via the “Find My iPhone” app once they’ve compromised your account.
Even if you don’t have “Find My iPhone” enabled, with access to an iCloud account, hackers can also read your mail, view your contacts, check your calendar, read your notes, and yes… download any pictures you’ve backed up to iCloud. In some cases, they might even be able to make purchases using your credit card if you’ve set up Apple Pay.
While it’s true you can sometimes recover from an attack like this by contacting Apple, the bad guys still have other tricks up their sleeves. For example, someone could reset your security questions, making it hard for you to reset your password. And if you haven’t enabled two-factor authentication, a hacker could link your iCloud account to a phone number you don’t control as the second factor. That action could lock you out of your account forever and by then, not even Apple can do anything to remedy the situation.
My personal iCloud hacking story
A friend of mine recently got the typical lock screen demanding payment of $150, which he ignored and then called me. He also told me of an email alert sent earlier with the subject line: “You have enabled two-factor authentication for your Apple ID.” Thankfully, when he read it closely, he saw that Apple provides a link that lets you undo two-factor authentication within two weeks of it being set up.
After undoing the change and resetting his iCloud password (which was thankfully still the same), he was in the clear… this time. But if he had waited longer to move on the two-factor authentication hijack attempt, he could have lost control of the account permanently.
Lessons learned: Tips on how to avoid iCloud hacks
- An obvious, but important first step: make sure you use a strong password and tough security questions that hackers can’t easily guess.
- Set up two-factor authentication in advance, so you are the only one that can access your account (and so someone else doesn’t hijack this feature).
- Don’t reuse passwords across sites because if one site is compromised, they all are. (Check if your other accounts have been hacked using haveibeenpwned.com).
- Make sure you have good backups, so that in case your device is wiped or you get locked out of your account, you’ll still have your data.
It doesn’t matter if you’re a celebrity or an Average Joe… if you don’t follow security best practices, you are an easy target for hackers. The good news is that you can easily avoid financial loss, personal embarrassment, and the pain of having to deal with an iCloud fiasco by taking a few simple steps to make your phone and personal data more secure.
To learn more about staying secure in the cloud, find out what 18 experts advise for effective and secure cloud migration, here.
About the Author:Peter Tsai is an IT analyst at Spiceworks. Formerly a systems administrator, programmer, and server engineer who has lived IT from the inside and out, Peter now works to serve up IT articles, reports, infographics, and livecasts that inform and entertain millions of IT pros in the Spiceworks network worldwide. You can follow him on Twitter and LinkedIn, and you can read more about him on Spiceworks.
Editor’s Note:The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
iCloud is a place for Apple storage, which helps secure all your information, photos, documents, notes, and emails at one place. It constantly updates the changing information while connecting different iCloud logged in devices at one place.
Most Apple users always keep their iCloud logged in at all times. But a question always mingles in our mind, is iCloud safe? After recent scandals of famous Hollywood celebrities getting their iCloud information leaked online, most people worry about how truly safe is iCould account. Like most celebrities news, this too spread like wild fire. Now most people are too scared to completely rely on the trusted privacy and security guidelines of Apple’s iCloud account. Although with time Apple has relentlessly worked to improve on their mistakes, but some Apple users are still not convinced as yet.
- Part 1: Is iCloud Secure?
- Part 2: Worried about iCloud Security? Top 4 Tips to Keep Your iCloud Safe
Is iCloud Secure?
1What Protection Does Apple Take to Protect iCloud Privacy?
Apple has taken some serious steps in order to rectify the security problems users have complained about before. The answer to this question, how safe is iCloud has been a consant concern for millions of iOS users.
- Apple has enabled a two-step verification in order to protect the user and their private information. This extra protection helps you keep yourself safe from any unknown person who might try to access your data through illegal means. If another device does try to log in to you iCloud account, you get a verification message on your other devices. You have to grant access before proceeding. This extra layer of protection helps your iCloud information stay protected and safe. This two factor authentication ensures only user enabled access to personal account and data.
- Since most people back-up their old data on iCloud storage, most of their previously deleted information is also present on their account. Apple has taken serious steps in order to protect this mass data from perpetrators and frauds. Unfortunately apple only has user-end encryption as compared to end-to-end encryption which enables a backfired intrusion of privacy as seen certain scandals before. Apple’s CEO Tim Crook has raised awareness about the two-step verification in order to assist the users in to a safer security option.
2What's Potential Risk of iCloud Privacy?
iClould security and privacy is still standing on thin ice. Apple’s Find My iPhone app is the loophole for invaders. Hackers usually brute force the user’s Apple ID and exploit their way in to the iCloud stored data. The Find My iPhone bug allows the intruder to have unlimited password attempts. With manipulative tools like Elcomsoft Phone Password Breaker they can easily break the password code. The hackers can have piles of updated and deleted data as well. This bug is a potential threat to all iCloud users on Apple products.
Worried about iCloud Security? Top 4 Tips to Keep Your iCloud Safe
If you are still wondering if iCould is secure, you can take the necessary steps to prevent any mishap.
1Create Strong iCloud Password
The first precaution you can take is making sure you have a secure password. Easy relatable texts in passwords give an easy passage. Combine capital letters and numbers together to form a completely secure password. Birth dates, anniversary, names of your children, your maiden name are all too easy to guess, so avoid using them. Strictly avoid any favorite band, your birth place or any other relatable guess as your iCloud password.
2Use Two-Step Verification to Sign in iCloud
Apple has especially designed this full proof system to secure their user’s personal data and information. iCloud Two-Step authentication is a standard approach to securing data. When you log in your account using a new device, iCloud would ask you for your password and a 6-digit verification code. This verification would be displayed almost instantly on your trusted device, so only you can log in. Only your trusted devices you would only require to log in using the assigned password. This is the answer to all those who were wondering how secure is iCoud?
To set up Two-Step Verification, you need to log in your Apple ID account and go to “Manage your Apple ID > Password and Security > Two-Step Verification'. Then follow the directions to complete.
3Turn off “Find My iPhone”
Since Find My iPhone seems to be the culprit in this case, it is advisable that to turn this application off. Find My iPhone gives a direct access to hackers to guess your password with unlimited attempts.
4Completely Erase iCloud Account and all Private Data
The above steps are all critical to any attempts to protect your personal data while using your iPad, iPhone or iPod device. However, if you will no longer be using the device and are considering selling it off or giving it out, it is important that you go beyond simply deleting your private data. Deleted iCloud account and private data can still be retrieved by those with the right tools.
Unfortunately, apple does not enable you to permanently erase your data if you please. In order to permanently erase your private data and keep it from the wrong hands, you will have to make use of the powerful data erasing tool iMyFone LockWiper.
Key Features of iMyFone LockWiper
- Account erase: Completely erase your iCloud account even if you have lost the password.
- Regain access: Regain complete access to the device, or enable future users to regain full access by switching to a different Apple ID or creating a new one.
- Prevent tracking attempts: : Prevent the new Apple ID account user from tracking your device through Find My iPhone.
- Phone reset: : Reset your iDevice and wipe out every personal data on the device to prevent any future retrieval or recovery on the device.
- Restore phone features: : Restore every iCloud and Apple ID account features after data wipe for full access by new user with their own account.
Step 1: Launch LockWiper to begin and choose “Unlock apple ID” mode.
Step 2: Connect your device to PC, be sure to unlock your screen passcode and trust connection when prompted and click “Start to unlock”.
Step 4: Open Settings on your iPhone, then go to General > Reset > Reset All Settings on your device.
Step 5: Your phone will now unlock and your iCloud account and private data will be completely erased.