Starting the New Year off with a bang, a hacker has leaked a way to let anyone access your iCloud account. That means your photos, files, apps and more are extremely vulnerable right now. We don't know for sure that this works, but it appears to be real.
A hacker by the name of Pr0x13 has created a GitHub page to showcase this hacker tool, named iDict. It's a brute force dictionary attack that's described as a "100% working iCloud Apple ID dictionary attack that bypasses account lockout restrictions and secondary authentication on any account."
So, what does that mean for you? Well, we don't know for sure that it actually works yet since it's basically a "zero-day" exploit. And the hacker would have to know your iCloud email address to gain access.
However, tech-savvy users on Reddit and Twitter claim that this attack does work. This kind of dictionary attack works best against people who use simple or easy-to-guess passwords, or who use the same password for multiple sites.
Unfortunately, if this is a working security hack, there's not much you can do. Experts recommend changing your password to a more complicated one, you can learn how to do that by clicking here.
You can also secure your account even further by changing your iCloud email address to one that hasn't been shared online. Apple released additional security measures last year, like the two-step authentication, but unfortunately iDict claims to bypass that altogether and goes straight to hacking your password.
Update: Unconfirmed reports by Pr0x13 that the security hole in iCloud has been patched. Stay tuned for official updates.