May 28, 2014
Yesterday, it was reported that a number of Mac and iOS users in Australia had had their Apple devices remotely locked by hackers in exchange for ransom. Now, Apple has issued a comment regarding this rather bizarre security issue. In a statement to ZDNet, the Mac and iOS device maker implied that iCloud was not hacked and encouraged users to use unique login credentials:
Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.Affected users found their Mac and iOS devices with a "ransomware" message saying that their devices had been hacked by a certain "Oleg Pliss" and that they had to send money to a PayPal account to have their devices unlocked. Users whose devices have been held for ransom by hackers have taken to Apple’s support forum as well as social media to discuss the issue. It has been speculated that the hacking has been accomplished using login credentials that have been acquired from recent data breaches and then used as Apple ID logins to lock users out via iCloud. While this may be the case, Apple, in its statement, maintains that iCloud itself has not been hacked. In addition to using unique usernames and passwords, the use of Apple’s two-step verification for Apple IDs and passcode lock or Touch ID for iOS devices is highly recommended.