Skip to main content

Apple denies iCloud breach was responsible for device lockout attack, advises users to change passwords

icloud

Last night we reported that several Mac and iOS users were finding their devices remotely locked by hackers who had gained access to the users’ Find My iPhone accounts and demanded a ransom to return the devices to a working state.

Today Apple issued a statement on the problem, noting that—as suspected—the iCloud service itself was not actually breached, but individual user accounts may have been compromised through password reuse or social engineering:

Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.

The first reports of the attack came from Australian users on Apple’s support forum, but users from around the world quickly discovered that they, too, had been targeted by the hacker (or hackers) using the name “Oleg Pliss.”

So far there’s no indication of exactly how the perpetrators gained access to these specific accounts. The news of the attack came just a day after rumors that Apple is preparing to enter the home automation market during this year’s WWDC, which could prove to be a tempting target for similar denial-of-service attacks in the future, if true.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. eswinson - 10 years ago

    Several user / password databases of high profile services were hacked recently including ebay. It would not be very hard to try them as credentials for AppleIDs using the same password. I bet more than 80% of the time they are the same.