AppleInsider Staff
Two days following initial reports from iCloud users in Australia who had their accounts breached and devices held for "ransom," Apple issued a statement saying its cloud service was not compromised in the attack.
In a brief statement issued to press outlets on Wednesday, Apple expressed its concern over a recent situation that found Australian iCloud users locked out of their own iPhones, iPads and Macs by nefarious hackers, reports ZDnet. The attacks have since spread to New Zealand, the U.S. and Canada.
Apple's statement:
Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.
A number of Mac and iOS device owners in Australia were reportedly affected by the hack, which apparently used Find My iPhone and Find My Mac to lock targeted devices and send a ransom message that read, "Device hacked by Oleg Pliss." Users were then directed to send $50 to $100 to a PayPal account in return for a device unlock.
It is speculated that the hacker, or hackers, gained access to affected iCloud accounts through password reuse. As noted in posts to Apple's Support Communities forum, users who previously set a device passcode were able to unlock their machines. By design, Find My iPhone's functionality only allows users to set a password for devices that don't already have one assigned.
Those who did not have a password set prior to the attack were forced to take the issue to Apple.
William Gallagher
Christine McKee
Chip Loder
Malcolm Owen
20 Comments
[quote name="AppleInsider" url="/t/180158/apple-says-icloud-not-compromised-in-australian-ransom-scheme#post_2540752"] While the culprit remains at large, it is speculated that the hacker, or hackers, gained access to affected iCloud accounts through password reuse. As noted in posts to Apple's Support Communities forum, users who previously set a device passcode were able to regain control of their machine shortly after receiving the ransom note. Those who did not log a password were forced to take the issue to Apple.[/quote] What in the Hell is the writer trying to say in the last paragraph of this story!! "...users who previously set a device passcode were able to regain control of their machine shortly after receiving the ransom note." [B]That is total gibrish![/B] Is the writer struggling to say the users had a passcode set for their iPhone, or they didn't have a unique passcode as the rest of the story implies? Then they received a ransom note and then mysterious regained control without paying the ransom? Or maybe they did pay the ransom, who's to know?? And what is this about LOGGING a passcode?? The rest of the story talks about SETTING a password, then suddenly, in the LAST paragraph it becomes "LOGGING a passcode." Did someone go to lunch and leave it up to someone else to type the last paragraph? [COLOR=blue][SIZE=4]What I got out of this piece of pathetic prose is that something happened in Australia that spread to other countries. The iCloud had nothing to do with it...or maybe it did, but it's not Apple's fault if it did. Then it was all mysteriously cleared up in the last paragraph.. or maybe it wasn't. The solution seems to change a passcode on either your device or iCloud or somewhere it can be LOGGED. or maybe set... who's to know???[/SIZE][/COLOR]
Considering eBay was recently hacked, I wonder if there's a connection. But it seems like there's much more lucrative things you could do if you'd hacked eBay than just ransom some iPhones. Who knows though.
@macky I've never seen a more needlessly aggressive comment in all the internet. The writers are actually people... they're not punching bags for your insecurities.Just relax, its too easy to shout at people. I hope that post doesn't reflect the culture of this site...
What in the Hell is the writer trying to say in the last paragraph of this story!!
"...users who previously set a device passcode were able to regain control of their machine shortly after receiving the ransom note."
That is total gibrish!
The reason why it's "gibish" is that somehow you think a device passcode or password and a iCloud/Apple ID password are the same thing.
"...users who previously set a device passcode were able to regain control of their machine shortly after receiving the ransom note."
That is total gibrish! Is the writer struggling to say the users had a passcode set for their iPhone, or they didn't have a unique passcode as the rest of the story implies? Then they received a ransom note and then mysterious regained control without paying the ransom? Or maybe they did pay the ransom, who's to know??
And what is this about LOGGING a passcode?? The rest of the story talks about SETTING a password, then suddenly, in the LAST paragraph it becomes "LOGGING a passcode." Did someone go to lunch and leave it up to someone else to type the last paragraph?
What I got out of this piece of pathetic prose is that something happened in Australia that spread to other countries. The iCloud had nothing to do with it...or maybe it did, but it's not Apple's fault if it did. Then it was all mysteriously cleared up in the last paragraph.. or maybe it wasn't. The solution seems to change a passcode on either your device or iCloud or somewhere it can be LOGGED. or maybe set... who's to know???
What's so hard to understand? A hacker got hold of some users iCloud passwords because it was the same password they used on the account that the hacker actually hacked. While in iClould they used the "Find My iPhone (iPad)" function and locked out the device. As if the owner of the device had it lost or stolen and got into his iCloud account to lock it out. If the device had a passcode already entered, the "Find My Device" uses that passcode to regain access if the owner gets it back. The hacker couldn't change it. But if there was no passcode entered, the "Find My Device" lets you enter a passcode. The "Find My Device" also lets you put a message on the lost of stolen device. Which is how the hacker got his ransom message to display. So users that already had a passcode could still unlock their device because they know the passcode. Users that didn't have a passcode were stuck because the hacker put in a passcode that they didn't know. I assume that if the hacker changed the iCloud password, the account owner can still get into his account by going through the "forgot my password" function and answering a few security questions.