If you’ve been following this, the premise is several third party services were hacked (such as Evony (29 million,) last.fm (43 million,) Linkedin (163 million,)) with usernames and passwords extractible. Hacker groups got the email addresses and crackable password data from multiple breaches, then started checking which ones worked on iCloud.
The claim by the hacker group is that they’re currently in possession of 250 million confirmed working email addresses (and 750 million total,) and passwords that will enable them to remotely wipe millions of iPhones and delete backup data unless Apple forks over a ransom.
Should you wish to stop reading now, just change your iCloud and associated Apple store passwords and be done with it. If you never used the same password on your iPhone as you used on another service, you’re probably golden.
If a couple of million iPhone users find their phones wiped and their iCloud deleted, you can expect Apple customer support and servers to be completely overwhelmed attempting to get people back up in running, so seriously, just change your password if you ever used the same password in multiple places.
ZDNet got a list of some of the people and contacted several with the passwords they were given by the hacker group and found that indeed, several were correct. So yeah, change that password.
Also should be noted Apple really has no blame in this. As much schadenfreude as I get from “unhackable” companies being hacked, this ain’t it and anyone who gets wiped probably had it coming at some point.