Skip to Content

Hackers Using iCloud's Find My iPhone Feature to Remotely Lock Macs and Demand Ransom Payments

by

Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone.

With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here.

maclockedfindmyiphone
Apple allows users to access Find My iPhone without requiring two-factor authentication in case a person's only trusted device has gone missing.

2faicloud

2-factor authentication not required to access Find My iPhone and a user's list of devices.

Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device.


The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers.

Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details.

lockmacfindmyiphone

It's easy to lock a Mac with a passcode in Find My iPhone if you have someone's Apple ID and password.

To prevent an issue like this, Apple users should change their Apple ID passwords, enable two-factor authentication, and never use the same password twice. Products like 1Password, LastPass, and even Apple's own iCloud Keychain are ideal ways to generate and store new passwords for each and every website.


Users who have had their Macs locked will need to get in contact with Apple Support for assistance with removing the Find My iPhone lock.

(Thanks, Eli!)

Tags: Find My iPhone, Hack

Popular Stories

Multicolored Low Cost A18 Pro MacBook Feature

Apple Accidentally Leaks 'MacBook Neo'

Tuesday March 3, 2026 7:00 am PST by
Apple appears to have prematurely revealed the name of its rumored lower-cost MacBook model, which is expected to be announced this Wednesday. A regulatory document for a "MacBook Neo" (Model A3404) has appeared on Apple's website. Unfortunately, there are no further details or images available yet. While the PDF file does not contain the "MacBook Neo" name, it briefly appeared in a link...
Read Full Article353 comments
imac video apple feature

Apple Unveils Two New Products

Monday March 2, 2026 7:49 am PST by
Apple today introduced two new devices, including the iPhone 17e and an updated iPad Air. iPhone 17e features the same overall design as the iPhone 16e, but it gains Apple's A19 chip, MagSafe for magnetic wireless charging and magnetic accessories, Apple's second-generation C1X modem for faster 5G, and a doubled 256GB of base storage. In the U.S., the iPhone 17e starts at $599, just like the ...
Read Full Article
Apple iPhone 17e feature

Apple Announces iPhone 17e With A19 Chip, MagSafe, and More

Monday March 2, 2026 6:07 am PST by
Apple today announced the iPhone 17e, featuring the A19 chip, MagSafe connectivity, faster charging, and more. The iPhone 17e contains the A19 chip introduced in iPhone 17. It features a 6-core GPU and a 4-core GPU. Apple pointed out that this makes it up to 2x faster than the iPhone 11. The new 16-core Neural Engine is optimized for large generative models. The iPhone 17e also contains...
Read Full Article234 comments

Top Rated Comments

miketcool Avatar
miketcool
110 months ago
Meh, this is why things live on external drives. If I lost or had my laptop stolen, I'd wipe it and be back up and running in 25 minutes without the hassle.
Score: 19 Votes (Like | Disagree)
I
I Need a Drink
110 months ago
Nice job MR. I only emailed them about this 4 weeks ago and asked that they run a story to inform people that this was going on.

I also emailed Apple about the issue with a simple suggestion. What they need to do is to require the device password when you try to lock a device from Find My iPhone on the web. When you go to remote lock a device you enter a lock passcode and the device's password or passcode. When that is sent to the Mac, iPhone, whatever, if the device password doesn't match, it won't lock the device. That way, even if a hacker guesses your Apple ID and password using hacked credentials, they still can't lock the device without the Mac's login.
Score: 17 Votes (Like | Disagree)
4
44267547
110 months ago
Macurmors quote:

"Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details."

And this is exactly why I reconfigure all my passwords for my accounts on a regular basis. Stagnancy can be part of the problem.
Score: 12 Votes (Like | Disagree)
Vol7ron Avatar
Vol7ron
110 months ago
Yup, this happened to me back in June when I installed beta 1 of MacOS High Sierra. Frustrating and embarrassing when your an IT engineer and your own device gets hacked! Had to bring it to Apple and provide proof of ownership before they would remove the lock.

And always use 2Factor. I don’t buy the second tweet about someone getting hacked with having 2FA enabled. Even if they could guess your password and the security code, your trusted device would still get a notification and you could block access.
I had 2 factor enabled, saw that someone was trying to access my account, denied them, and still had my account locked.
Score: 11 Votes (Like | Disagree)
busyscott Avatar
busyscott
110 months ago
MacRumors, why are you recommending two-factor authentication if you then go onto say you can access Find My iPhone without needing 2FA??

Here's a better recommendation: turn off Find My Mac until Apple correct course and Find My iPhone requires 2FA.
Score: 10 Votes (Like | Disagree)
B
Born Again
110 months ago
I liked how he said "y'all"

"y'all come back now ! yah hear?!"
Score: 7 Votes (Like | Disagree)
Read All Comments