Hacking Incident Warns Us About Passwords

        This post was updated 8-5 with the latest on this situation. Read the whole thing.

        Jim Hamm sent this link about a horrible hacking of a man's iCloud account. This evening John Carter sent a further warning of the need to establish strong passwords to avoid such a terrible thing.

        Here's the first from Jim: "Here is a scary tale of woe: Mr Honan's iCloud account was hacked. What's even scarier, the hacker was then able to remotely wipe Mr Honan's iPhone, iPad and MacBook Air! Yes, all dead. If you happen to use a Gmail account, a two-step verification process is available to prevent hacking. As far as I know, this feature isn't available for iCloud. So, one should have a very strong password for your iCloud account. Yes, I know, it's probably remote that your iCloud account will be hacked. Mr Honan thought so, too."

        But Jim, can that really be true? He wrote back with two other sites on the issue. Here and here.

        John Carter went into more detail on what we should do about our own passwords. ". . . if your passwords are short and simple, be prepared to be hijacked and potentially lose all the money in your bank or all the files on your computer.

        "A strong password contains a mix of letters and numbers with at least one uppercase letter, and the password should be at least 8 characters long. A very secure password will be 10 or more characters long. The password should never contain a word that can be found in the dictionary or letters or numbers in a sequence or that repeat.

        "Some of my clients do not even have a password to log in to their computer, and this is a grave mistake because it makes all your other passwords in the Keychain Access application accessible to anyone that manages to hack into your computer.

        "Do yourself a favor and use passwords that are complete garbage. Write them down where you know you can access them quickly. Protecting yourself will save me a trip to help recover your files — if that's even possible. Smile when you have to type in that long gibberish because you know you're being protected. After a few times of typing it in, it will become second nature. 
        "One approach is to alternate case, intermix numbers with letters, and, where allowed, toss in a symbol. For your different passwords, you only need to make one letter or number different or add one letter or number."

        So, consider yourself warned, thanks to Jim and John.

        Now, Jim Hamm brings us the update of 8-5. "Here's update three from the guy who was hacked via iCloud and had his iPhone, MacBook Air and iPad wiped clean:

        "Update Three: I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my MacBook and is trying to recover the data. I’m back in all my accounts that I know I was locked out of. Still trying to figure out where else they were."

        And here's Jim's final comment -- at least for now! "The hacker sure must have been one smooth talker to convince Apple's tech support to let him into Honan's iCloud account, which wasn't his. So much for strong passwords. It seems they can be circumvented. According to another report, the hacker then used Apple's 'Find My Phone' service to remotely wipe the three devices."