Apple ID password? Change it now!

If you are an Apple user with an iCloud account, you are advised to change your Apple ID immediately.

A spate of  hijacking attacks have targeted iCloud logins.

Both the NSW Police and the Australian government’s Stay Smart Online service have advised that all Apple users should change their Apple ID password.

Users are also advised to set a passcode on their iPhones and tablets or passwords on their Mac laptops and desktops.

Users have reported that their phones or systems have locked unexpectedly, after which they receive a message on their screen stating that their device has been, ‘Hacked by Oleg Pliss’ and an email from ‘Find My iPhone’. In order to unlock the device, the message indicates that they should pay a ransom via PayPal, emailing the payment code to the hotmail account “lock404”!

If a hacker has set a new passcode lock on an Apple device, it is possible to bypass it by using one of the methods suggested by Apple. Some of these require erasing, resetting or restoring your device from a backup (if you have saved one).

The Lost Mode function is a vulnerability. This can be switched off via iCloud.

How to change your Apple ID / iCloud password

  1. Go to My Apple ID
  2. Click “Manage your Apple ID” and sign in
  3. If you have two-step verification turned on, you’ll be asked to send a verification code to the trusted device associated with your Apple ID. If you’re unable to receive messages at your trusted device, follow the guidelines for what to do if you can’t sign in with two-step verification
  4. Click “Password and Security
  5. In the “Choose a new password” section, click “Change Password”
  6. Enter your old password, then enter a new password and confirm the new password. Click “Save when done”

In addition to changing passwords, IT security experts strongly recommend instituting “two-factor authentication” on Apple ID accounts. Turning on two-factor authentication reduces the possibility of someone accessing or making unauthorised changes to your account information.

Two-factor authentication adds a second layer of security as it requires both a password and a separate verification code sent to a phone (or other trusted device), which must then be entered into the mobile device, before it is permitted access to the account.

Learn about two-factor authentication.

This latest issue comes less than a month after the major “Heartbleed” vulnerability was disclosed (on 7 April) after remaining undetected for two years!

“Heartbleed is a bug in OpenSSL. Hackers can exploit Heartbleed to get raw text from emails, instant messages, passwords, even business documents — anything a user sends to a vulnerable site’s server.”

Read about the most contagious malware released at the turn of the century.

At Digital Tsunami, we strongly recommend regularly changing passwords as a standard precautionary measure.

All users should implement the highest level of security, including no less than: individual high-security passwords in a combination of at least 8 (preferably 12 or more) characters, containing at least one lower case character, one capital, one numeral and where accepted, special characters (such as ^+>&*#/%). These should not be formatted to resemble or contain a word and should not be used across all sites. It is exceptionally important that passwords for banking sites not be shared.

If your bank is not yet using two-factor authentication, comprised of a username and password PLUS a ‘token’ (random code generator device) or code sent to your to cellphone, it is time to consider changing banks!

At least one backup generic email address (Gmail, Hotmail, Yahoo, etc.) should be created, to enable communications in case your domain name becomes infected and email on that domain is blocked or unusable. This email can also be used to retrieve passwords for an email account on your corporate domain.

Digital Tsunami constantly monitors and audits the security of our clients and our private clouds. We conduct frequent security audits, to ensure that we were taking all possible measures to protect client assets.

Read about some of the security measures Digital Tsunami applies to web hosting and specifically to WordPress site hosting.

Talk to Digital Tsunami
 about security for your web hosting.

References:

smh.com.au/digital-life/consumer-security/
staysmartonline.gov.au/alert_service/
appleid.apple.com

Recommended security vendors:

Symantec.com
McAfee.com
TrendMicro.com

From Our Clients

Quotation Mark

It is clear from the enthusiasm and professionalism shown, that Digital Tsunami views each client as a long term partner contributing ideas above and beyond the development of the site and we look forward to involving them in future marketing initiatives.

Angelo Mastropietro
Director
Sydney, NSW, Australia
Kinetic Recruitment
Quotation Mark

The team at Digital Tsunami was incredibly responsive, delivering a solution well ahead of deadline. Their technical knowledge was exceptional, they were innovative, and they were very meticulous. What's more, they understood my business and technical requirements and translated them into a user-friendly, refined, professional site which is conceptually simple and cohesive.

Glenn Murray
Director
Sydney, NSW, Australia
Divine Write
Quotation Mark

Clients have really appreciated the video .. sales staff are so pleased to have this tool. It is very empowering to show.

Anisa Meriem Telwar
President
Atlanta, Georgia, USA
Anisa International
Quotation Mark

.. a reliable and steadfast operator, with a keen sense of service. Innovative and contemporary, and operating within the upper echelon.

Matthew Gormly
Director
Mönsterås, Sweden
Quotation Mark

The launch .. was a success. We were able to present this live on a Wireless connection during our Sydney, Australia sales conference on a location with very limited internet bandwidth. This proves the technology used .. renders light webpages which are easy to download on a browser.

Comments I've heard from our employees were all positive and reflected precisely what we were looking for: a simple but concise, clean and effective webpage.

We acknowledge the timeframe given to you was extremely short but nevertheless you have sucessfully delivered the project on schedule .. the critical success factor was communication and availability of Digital Tsunami's team.

I am very glad we were able to partner with such a professional team as yours and I am confident any other initiatives with you will be as successful.

Claudio Falcão Gomes
IT Manager
Sydney, NSW, Australia
Solvay Pharmaceuticals
error: We appreciate that you value our content. You are welcome to link to this page, but content is copyright protected.