Apple confirms iCloud breach not the reason behind Apple ID hijack

Find My iPhone

Yesterday, we reported that several iPhone and iPad users in Australia were locked out of their devices. Apple issued a statement today clarifying that the iCloud service, which forms the backend for the Find my iPhone service, was unaffected, and that users impacted by the hack should change their Apple ID passwords.

"Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store."

The remote hack was carried out using the Find my iPhone service, with affected devices showing a message that read, "Device hacked by Oleg Pliss."

Apple did not offer any explanation as to how the hacker was able to retrieve user data. The hack was originally localized to Australia, but users from other New Zealand, US and Canada also reported being locked out of their devices on Apple's official support forums.

In addition to changing your password, we also suggest enabling two-factor authentication for your Apple ID to secure the service against future hacks.

Source: ZDNet

10
loading...
30
loading...
63
loading...
0
loading...

← Previously

WWDC 2008 flashback: iPhone 3G, MobileMe, Snow Leopard, and the App Store

Next up →

Apple/Beats deal now rumored to have lower price tag

There are 5 comments. Add yours.

RupMjee says:

These id's were probably part of an email address database that got hacked elsewhere. Since lot of users use the same email address as well as password for all their services ( incl apple iCloud ), this was one of those cases where the hackers got lucky.
That's why you should nvr recycle the same password on multiple sites. If you can't remember; use something like Lastpass or 1Password.

Sent from the iMore App

IIJBII says:

I have a feeling we've only started to see these breaches. With more people relying so much on their technology i think this is going to be a big target for hackers.

deksden says:

Locking iDevice via hijacked Apple ID is common problem in Russia: hacker did lock device and wait for some money to be send via anonimouse e-payment system (typically $15-30).

Hacking is done via malware on Windows computer that have access to email that is used as Apple ID. Malware did stole login for email, then hacker did changes password for Apple ID via email, then it uses FindMyiPhone function to lock device and wait for payment. Payment can be done via message from hacker to legitimate user with info about payment destination.

The only solution is to contact Apple's support (or visit Apple Store) and wait for them to solve this problem. For Russia main problem is absence of offline Apple store and poor local support.

Abstractdesigns says:

Wow, thx for the explanation cause I think this is what happened to me a few months ago! My laptop had malware which I didn't know about. I mainly used my iphone to check emails, but all 3 email accts got hacked. I also noticed my phone acting strangely like when I would type in a form on a site ( like now) , the screen would move, or I would see the button to make capital letters get selected when I didn't select! I think phone was hacked. I kept trying to reset my pw's on my email accts but someone kept changing over and over. And they changed my Apple pw plus many online accts. ( no one had access to my phone or laptop) It's taken me months to fix all accts- I finally was able to create new Apple ID & did a restore on my phone. It works better it's slow- still wondering if my phone is safe. Everyone protect your computers, phones, and pw's!

Ludatyk says:

What I don't understand... Apple has the 2 step verification in place. Why don't they use it for the iCloud website. They have it set up for Apple Devices and the AppleID website... would hope they consider the iCloud website for security purposes.