Apple provides two-factor authentication for iCloud, and accounts with the option turned on are protected even if their password is compromised.
The latest number of accessible iCloud accounts advanced by the Turkish Crime Family is 250 million. That's an impressive ratio of one in every three tested accounts.
Moreover, if 750 million iCloud passwords are truly the result of password reuse on other websites, the other databases must have had billions of accounts combined or the password reuse ratio must have been unusually high. The largest ever data breach was from Yahoo with a reported 1 billion accounts.
"I think the whole thing is a beat-up," security expert Troy Hunt, creator of the HaveIBeenPwned.com website, said by email. "At best they’ve got some reused credentials, but I wouldn’t be surprised if it’s almost entirely a hoax."
Hunt hasn't seen the actual data that the Turkish Crime Family claims to have, and there isn't much evidence aside from a YouTube video showing a few dozen email addresses and plain text passwords. However, he has significant experience with validating data breaches and has seen many bogus hacker claims over the years.
To be on the safe side, users should follow Apple's advice and create a strong password for their account and turn on two-factor authentication or two-step verification at the very least.