The new year brought a new way for hackers to wreak havoc online, and your iCloud data may be at risk of a breach.
A new hacking tool, called iDict, makes use of a brute-force security flaw in Apple's iCloud service, disabling account lockout restrictions and secondary authentication.
"By doing this, they cut out the ability for, in this case, iCloud to lock the account when it has too many retries," Lance Anderson, owner of Computronix, explained.
Hackers are then able to run a script filled with 500 of the most commonly used passwords. If none of the passwords match, the script chooses a different Apple username and starts the process over again.
"I recommend at least an eight character password, with special characters and numbers, capital letters, mix it up, and make it harder for someone to figure out," Anderson advised.
You want your password to be difficult enough that hackers can't easily guess it, but simple enough that you don't need to write it down, because people can find it on your desk or in your drawer. Also avoid using passwords that follow keyboard patterns, like Q-W-E-R-T-Y. Those are quick for you to type, but they also give cybercriminals an easy means of entry.
Anderson says that now that everyone knows about this backdoor into Apple accounts, all bets are off.
"A lock only keeps the honest person out. There is always a way for someone to get into the network, it's just how bad do they want to get in," Anderson said.
This is the same security flaw that was responsible for the leaking of sensitive photos of celebrities like Jennifer Lawrence and Kate Upton last year.
Apple reportedly has plugged up the leak, but this serves as another reminder to make sure your account is protected with a strong password.
You can find a list of the 500 passwords to avoid using by clicking here.