Some iPhone, iPad, and Mac users in Australia are waking up to ransom messages declaring that their devices have been hacked. Several posts on Apple’s official support forums reveal that fraudsters appear to be using the Find My iPhone feature to send messages and lock devices. "Device hacked by Oleg Pliss," reads one message on an iMac, and others have received notices demanding a $50 PayPal payment to unlock an iPhone. While some who have experienced the unusual attack have been able to unlock their devices, others are seeking help from Apple and carriers to regain access to their phones.
It’s not immediately clear how pranksters are gaining access to the Apple IDs to take over the devices, nor why the reports are localized to Australia. It’s possible that hackers have obtained access to a leaked list of email addresses and passwords, exploiting the fact that many people will reuse the same account details for their Apple ID. Database breaches are becoming far too common, with eBay, Adobe, Yahoo, and Target all falling victim in recent months. This latest incident serves as a good reminder to enable two-step verification on an Apple ID, and to never reuse the same password across multiple accounts. After initially declining to comment, an Apple spokesperson has revealed to ZDNet that “iCloud was not compromised during this incident.” Apple is advising affected users to change their passwords and contact AppleCare for additional help.
Update May 28th, 2:50AM: story has been updated with a statement from Apple.