Two days after initial reports from Apple iCloud users in Australia who had their accounts breached and devices held for “ransom,” Apple issued a statement saying its iCloud service was not compromised in the attack.
In a brief statement issued to the press on Wednesday, Apple expressed its concern over a recent situation that found Australian iCloud users locked out of their own iPhones, iPads and Macs by hackers. The attacks have since spread to New Zealand, the U.S. and Canada.
“Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.”
A number of Mac and iOS device owners in Australia were reportedly affected by the hack, which used Find My iPhone and Find My Mac to lock targeted devices and send a ransom message that read, “Device hacked by Oleg Pliss.” Users were then directed to send $50 to $100 to a PayPal account in return for a device unlock.
It is assumed that the hacker, or hackers, gained access to affected iCloud accounts through password reuse. As noted in posts to Apple’s Support Communities forum, users who previously set a device passcode were able to unlock their machines. By design, Find My iPhone’s functionality only allows users to set a password for devices that don’t already have one assigned.
Those who did not have a password set prior to the attack were forced to take the issue to Apple.