Apple Confirms iCloud Wasn’t Breached In Recent Find My iPhone Ransom Fiasco
We told you yesterday on the news that some iPhone users in the United States and Australia had reported that their iPhones were being held ransom by someone going by the name of Oleg Pliss, and that the situation was somewhat unclear. With users having their devices locked remotely via Apple’s Find my iPhone feature, initial thoughts were that iCloud had potentially had a breach in security with accounts being compromised as a result.
The other, probably more likely reason posited by many though was that the spate of iCloud accounts being compromised was actually a result of the recent eBay security breach which saw the company recommend everyone change their passwords, as well as the passwords of anything that used the same security credentials. It would appear that it’s those people – those using the same password across multiple accounts – that are being targeted.
As expected, Apple is now distancing itself from the entire situation by releasing a statement that reads as such:
Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.
So yeah, nobody had their iCloud accounts hacked, but rather they had their accounts stolen because they were using the same password for multiple online logins. At least, that’s how it appears thus far.
As a recap, the perpetrator is apparently getting hold of users’ iCloud login credentials and then remotely locking iPhones. At this point, users are told to send $50 via PayPal to an account that the online payment company says doesn’t exist. Confused? So are we!
There’s never been a better time to change your passwords, so even if you do follow best practice and use unique passwords across the internet, now might be a good time to change at least your iCloud one. Enabling two-step verification might not be a bad idea, either.