Apple Denies iCloud Hack as Cause of Locked iOS Device Ransom Demands

Wednesday May 28, 2014 12:11 AM PDT by Arnold Kim
Earlier this week, a number of iOS and Mac users reported iPhones, iPads, and Macs being remotely locked by hackers who then demanded a ransom for their recovery.


The attacks primarily affected those located in Australia. While there have been many theories about common points of attack, no one theme has emerged. Some users also deny that passwords were shared with other services.

ZDNet reports that Apple has issued an official statement denying that iCloud itself was hacked.
Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.
A growing discussion thread on Apple's support forums is following the issue.

Thanks Dominik

Top Rated Comments

(View all)

Posted: 26 weeks ago
Who actually asks for a ransom in typed-text format? Real ransom's are made with individual letters cut from magazines with a scissors.
Rating: 15 Votes
Posted: 26 weeks ago
Surely there was some way Apple could have defended itself without sounding like it was just blaming its users.

Defensive Apple sounds defensive.
Rating: 5 Votes
Posted: 26 weeks ago
It's so obvious this is a user problem (weak passwords) that I don't even know why people pay attention to this.
Rating: 4 Votes
Posted: 26 weeks ago
Given that Spotify recently recommended that all android users change their spotify account passwords after one account was potentially compromised, it is interesting to see Apple take a much more "nothing to do with us" stance. I hope for their sake that they are 100% sure on that one.
Rating: 3 Votes
Posted: 26 weeks ago

Not wanting to defend anyone here - but can you show me where they blame the users? Is their advice bad?


They're advice isn't bad but I feel like I've seen Apple take the "it's not us" stance before then later turn around and admit there was some breach or something. My memory could be wrong.
Rating: 3 Votes
Posted: 26 weeks ago
"Coincidentally", this week I received a phishing attempt, claiming to be from Apple (which was obvious, and I reported through both SpamCop and Google (http://www.google.com/safebrowsing/report_phish/?rd=1)). I've never received one from them - it's always been Amazon, PayPal, eBay, banks, etc. (Part of me actually went "well, it's about time.")

I would put money on the victims having fallen for the phish attempt, and deny having shared their password because they still believe that the link they clicked and divulged all their iCloud account details to "confirm" their account, was an Apple one.

Sorry, but until someone can prove the underlying iCloud infrastructure is to blame, I'm gonna call this user error.
Rating: 2 Votes
Posted: 26 weeks ago

Not wanting to defend anyone here - but can you show me where they blame the users? Is their advice bad?


Also, if this was iCloud related, you'd think the problem would be a lot more widespread. Sounds 'phishy' to me.
Rating: 2 Votes
Posted: 26 weeks ago

It's so obvious this is a user problem (weak passwords) that I don't even know why people pay attention to this.


Because guesswork isn't good enough. It's important to know.
Rating: 2 Votes
Posted: 25 weeks ago

So someone which steals a iPhone, which is more or less the same as this, should be hanged?
All the while, there are white collar criminals which cost the world economy trillions, walking as free men!


I can very much understand _why_. If someone steals money out of your wallet, that's your money stolen. Tough. You lost some money. You don't need to change your behaviour because of this. _I_ don't need to change my behaviour because of this.

This kind of crime makes life harder for _everyone_. Wouldn't it be great if I could create _one_ password that I can remember easily and use it everywhere? I can't, because of bastards like this one. So the fact that someone in Australia is blackmailing some people affects _everyone_. Take the little inconvenience for me and you, and multiply it by a billion people.
Rating: 1 Votes
Posted: 25 weeks ago
The real issue is Apple doesn't even support two-step verification in every country. This makes little sense to me. Even stranger, they don't require 2-step verification to use Find My Phone on the web. They really need to push and/or require two-step verification in every country and let people know it even exists.
Rating: 1 Votes

[ Read All Comments ]