Wave of Australian iOS devices held for ransom via Find My iPhone hack

Sydney Morning Herald:

One iPhone user, a Fairfax Media employee in Sydney, said she was awoken at 4am on Tuesday to a loud “lost phone” message that said “Oleg Pliss” had hacked her phone. She was instructed to send $50 to a PayPal account to have it unlocked.

There is conjecture that the hackers have access to some recently stolen eBay passwords and that the victims used the same password for both eBay and their Apple ID. Whether or not this is true, it is a pointed example of why you should not reuse passwords.

“It’s quite possible this is occurring by exploiting password reuse,” Mr Hunt said. “Regardless of how difficult someone believes a password is to guess, if it’s been compromised in another service and exposed in an unencrypted fashion, then it puts every other service where it has been reused at risk. Of course it also suggests that two-factor authentication was likely not used as the password alone wouldn’t have granted the attacker access to the iCloud account.”

Two-factor authentication is critical. If you have not set it up, here’s the place to start. [Via MacRumors]

  • Kriztyan

    1Password. Once you figure it out, it works very well.

  • Mother Hydra

    No sympathy from me. Kiddies, we’ll go over it again: Always use unique passwords. Always use a PIN code or Touch ID. Always use 2-factor authentication when available. Always run your updates.

    I don’t see any evidence that this is even a hack; a bunch of tools got social engineered. Hopefully this lesson teaches them to do better in the future.

  • Lucky

    I don’t think setting a password makes everything go off beautifully. Some hackers easily gain access to a Wi-Fi connected iPhone when it’s jailbroken if they try the default root password; 80% of jailbreakers know nothing about the root password configuration after their jailbreak!!! Some users even install spy apps like ikeymonitor to steal the unlock passcode when the device is jailbroken. We are not living in a safe world protected by passwords.

    But it is at least safer than no password. In normal cases, a password is a protective and useful shield, even if it is weak to some extent. The tech world is dangerous.