A group called the Turkish Crime Family is claiming to have millions of passwords for Apple's iCloud, and is demanding Apple hand over money or it will delete the accounts.
Apple, while not saying what contact it has had with the group, issued a statement saying it doesn't believe its systems have been compromised. Instead, it suggests that any account information that has fallen into the wrong hands is probably the result of other well-publicized breaches and because people reuse their passwords on multiple sites.
There have not been any breaches in any of Apple's systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.We're actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved.
The upshot: Use different passwords on different sites and, whenever possible use two-factor authentication. It sounds simple, but most people don't do it. And if you haven't done so recently, change your iCloud password.