Oleg Pliss

On Monday, a number of iOS and Mac users came forward with complaints that their devices had been remotely locked by hackers. In most of the cases, a message appeared via Find My iPhone on the locked devices, demanding payment for the hack to be reversed.

As far as we can tell, the attacks have been concentrated on Mac and iOS products in Australia. And among the various theories of how the hackers were able to set a remote lock has been the fear that iCloud was breached. But Apple says it hasn’t been compromised…

In a statement provided to ZDNet, Apple says:

Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.

We of course have always recommended that users make sure to set a strong unique password for their Apple ID, as it grants access to a wide range of services and devices. We also suggest enabling Apple’s new two-step authentication feature, which you can do here.

Still have questions? This thread on Apple’s support forums is following the issue.

  • I remember hearing about a recent phishing email that claimed to be from Apple notifying users that their iCloud accounts had been suspended. The email provided a log in link for users to resolve the issue. Perhaps the hacker(s) in question were able to net some iCloud credentials during this phishing campaign.

    • Or it was the case where the eBay db was hacked days ago and people were using the same password and Apple ID for eBay, giving the hackers easy access not only to iCloud but to many other services.

      Note to self:
      use a different password for every online service.

      • Sleaka J

        Surely that would result in a lot more non-Australian cases. The fact that it’s mostly Australian users suggests a more local reason.

      • Makes sense, I didn’t know it was only Australians

      • Sleaka J

        It’s in the title AND the article.

    • Antzboogie

      The cloud is not safe where have you all been??

  • obada

    Oh shit, I’m in Australia

  • Chris

    This entire story sounded very suss from the gecko considering it only hit a small amount of users within Australia, like Ian MacGregor said this sounds more like a phishing scam as I have not one friend that was a victim of this attack.

    All-in-all the basic security steps you should take are:

    Use a generated password via a service such as 1Password or LastPass
    Always use 2 step authentication where you can, most services use Google’s API now
    Change your passwords at least once every 6 months and always keep it unique

    • ✪ aidan harris ✪

      All common sense. Tech companies need to do more to educate people about what you’ve just said IMO as it amazes me that so many people do not know how to keep their accounts secure or choose not to for whatever reason…

      • Chris

        Agreed but there is a mammoth number of security guides for securing yourself online, at the end of the day companies can’t be held responsible when the user is the incompetent one.

        More often than not I will get an in-your-face notice asking me to turn on 2 step auth if I haven’t already, so from my perspective companies such as Apple have covered their end.

    • Kevin Osborne

      A gecko did this?!? Geico Insurance?!?

      • Chris

        Simple typo, my brain was switched off

      • Kevin Osborne

        What is a brain? I am the Scarecrow from Oz, my friend.

    • Antzboogie

      The cloud has not been safe for some time. Why do people act surprised lol. Please don’t recommend an app to create a password for you which is not safe at all. Create your own passwords not an app that is supported by ads or records your data, plus possibly can give the same passwords to multiple users. Thanks just a thought.

      • Niclas

        Passwords generated in 1Password or LastPass are a lot safer than what you can come up with.
        With that said it’s very inconvenient to have a random pw as an Apple ID pw. What one should do in such case is use a system based on nothing about yourself and no words from any dictionary. Use large + small characters, numbers, symbols.

        Do not use any common or uncommon 1337 5P33K.
        Enable 2-step auth.

      • Chris

        Services such as 1Password use AES-256 bit encryption, to access data stored behind this you need a master password which should be long, impossible to assume by hackers and most of all is something no one else knows.

        Also manually tracking passwords is a bad idea, I used to do that 6 years ago before I started using 1Password and since then haven’t turned back considering all the security benefits.

        If you don’t want to believe in true encryption that’s your choice but I prefer my data to be safe and locked away, also for the record 1Password is completely localized, it’s a personal choice if you wish to sync it via iCloud or Dropbox as by default you can use Wi-Fi syncing over an internal network.

      • Antzboogie

        I’m not sure Dropbox and iCloud are all that safe. Why not create your own password based off of what you learn from the apps you speak of. Doesn’t an app technically save all your data? Even if it doesn’t it’s creepy to let some app create the password for you.

      • Chris

        The app manages my passwords, the data itself is 100% in my control in a folder location I know about at all times, at no point in time does it get uploaded without my permission.

        That’s the entire point you’ve missed.

  • ✪ aidan harris ✪

    Just as I said all along. User incompetence at its finest…

  • Raye Penber

    For some time now, I would like to enable Two Step verification, but last time I wanted to do that, it was country specific. My country was not listed there … so yeah, every time I read articles where they suggest doing so, I’m a little bit disappointed by them