Hackers threaten to remotely erase iPhones on April 7 – Thwart them with Two-Factor Authentication

Turkish hackers have attempted to extort Apple by erasing iPhones and iPads on April 7 if Apple doesn’t meet their demands of $75,000. If Apple does not comply (which they have stated they won’t), the hackers will raise their demands and erase more devices.

The hackers claim to have access to 627 million user accounts. Earlier reports had a smaller number but other hackers have come forward to donate additional credentials.

You can read coverage from MacRumors, AppleInsider, Vice, and Fortune.

What didn’t happen

Apple’s systems have not been hacked. These hackers have no back door access into iCloud.

What did happen

The hackers claim to have a database of 627 million iCloud usernames and passwords. They are threatening to use those passwords to log into your account and activate the antitheft functions of iCloud to remotely erase your iPhone or iPad. They could conceivably erase Macs using this same method, which could erase local backups of iPhones as well.

What is unclear

It is unclear if they actually do have the account credentials to allow them to do this. It is unclear if those 627 million iCloud accounts are current. They could be old passwords. They could be accounts that have Two-Factor authentication enabled. They could be abandoned accounts. It’s also unclear where they got the passwords from, though it appears that it was from a third-party source. Perhaps they are passwords of people who use the same password on other systems that have been compromised such as Yahoo.

How to protect yourself

By far the best thing to do to protect yourself from this and future hacks is to enable Two-Factor Authentication, which is a good idea whether or not this turns out to be a hoax.