“Owners of Apple devices across Australia are having them digitally held for ransom by hackers demanding payment before they will relinquish control,” Ben Grubb reports for Fairfax Media. “iPad, iPhone and Mac owners in Queensland, NSW, Western Australia, South Australia and Victoria have reported having their devices held hostage.”
“One iPhone user, a Fairfax Media employee in Sydney, said she was awoken at 4am on Tuesday to a loud ‘lost phone’ message that said ‘Oleg Pliss’ had hacked her phone. She was instructed to send $50 to a PayPal account to have it unlocked,” Grubb reports. “It is likely hackers are using the unusual name as a front to get money from people. A real Oleg Pliss is a software engineer at tech company Oracle. A similar name is listed on LinkedIN as a banking professional in Ukraine, while there are others in Russia.”
“Users who have a passcode on their device appear to be able to unlock it after the hacker has sent them the message demanding payment, but those who had not set a passcode are unable to,” Grubb reports. “A PayPal spokesman said there was no PayPal account linked to the email address the hacker used. The spokesman added that any money that may have been sent by victims would be refunded.”
“Comment is being sought from Apple. A Telstra spokesman said the telco was aware of the reports and had referred the matter to Apple,” Grubb reports. “Vodafone said no customers had reported the issue to its support centre. Optus said if customers had any questions about their Apple devices, they ‘should speak directly to Apple.’ The Australian Competition and Consumer Commission, which runs the federal government’s Scam Watch website, said only one user had reported the issue to it so far.”
Read more in the full article here.
Oleg Pliss. A name to conjure with.
Victims of login reuse from the eBay hack, do you think?
Now affecting US customers.
https://discussions.apple.com/thread/6270410?start=255&tstart=0
Not so. If you had paid closer attention, you’d have notice that all of the people actually having the issue, not just discussing or participating in the thread, are from Australia. It says so in the upper right corner of their posts. Have a closer look.
Please read the user comments – several in US.
If you haven’t already, enable two-factor authentication!
Please explain two-factor authentication. Thanks
http://lmgtfy.com/?q=%22What+is+two-step+verification+for+Apple+ID%3F%22#
While we’re on the Australian theme, that was a total “Dorothy Dixer”.
This article at first makes it sound like ALL Apple devices had been hacked…by the end it sounds like only ONE was hacked.
One device for one user sounds like a user issue, not an Apple problem.
And asking that money be sent to a paypal account says it’s not a serious attempt, but more likely somebody screwing around.
Yes indeed! I explain why below.
Sounds like something samdung PR dreamed up for Australia.
1 person effected or reported in this story doesn’t make this a big story or hacker takeover as the headline suggests. From what I read in this article only 1 persons iPhone was effected. I did not read anything about any Macs or iPads. So until more people come forward about this I would take this story with a micro grain of salt.
Owners across Australia, 1 to be exact. Let’s make a big deal out of nothing.
It should have said “Owner across Australia”
Wow!! Apple is really shitting the bed again on this one! How embarrassing! Problems just keep coming up and now my iPhone and Mac will possibly become useless? Job’s Cancer must have spread through to Apple.
You forgot the “/s” tag.
No commend from MDN?
I live in a semi rural coastal town on Australian east coast. I first heard about the from some trash talk about Apple on a local FB page. Searching online found little at first but now there are multiple reports of “hijacked” devices.
http://forums.whirlpool.net.au/forum-replies.cfm?t=2266104
https://discussions.apple.com/thread/6270410?start=255&tstart=0
Not all are in Australia with reports from Canada, US, UK and South Korea. Some of whom state they had Australian purchased phones and others had Australian iTunes accounts (?). Various devices and telco me carriers. There seems to be a connection with use of “find My iPhone”. But at this point it looks like it could be a quite ugly.
I am not hacked. iPhone, iPad, iMac. all with Find My iPhone and latest software on “iDevices” Lion on Mac.
If this spreads over night it could be bad.
Most likely a data breach of a large bunch of iCloud info?
One guess is that it’s fallout from the ebay breach. If people used the same password for both (a really bad idea, of course), then that and the email address is all that’s needed.
I have little sympathy for people who haven’t set passwords on their iDevices, or taken advantage of Apple’s 2-step verification process. This is a user issue, not Apple’s.
What a great day, the world really does feel like a better place.
According to the source article, the hack is being done via ‘Find My iPhone’. Since the hackers do NOT actually have your phone, they have to use the user’s login credentials (stolen or guessed from wherever) to get into the user’s iCloud account. Once they have broken into the account they have these four options:
1) Find the device (if it’s online) on a map.
2) Play a sound on your device to help you find it.
3) Use Lost Mode to lock and track your device. “If you can’t find your device, use Lost Mode right away to lock it with a passcode, display a custom message on the screen, and keep track of its location.”
4) Remotely erase all of your personal information from the device.
Obviously, the hackers are using “Lost Mode” to pull off their ‘ransom’.
http://help.apple.com/icloud/#/mm6b1aa045
I hope this information helps fill in the gaps regarding what is actually happening here.
Reversal of the problem requires Apple to dump your hacked ID and password and reset them. You can then log into iCloud with the new account credentials and STOP Lost Mode.
http://help.apple.com/icloud/#/mmfc0f0165
IOW: Despite all the scare tactics, there really is NO way for a hacker to actually hold your iDevice hostage. They can set off the finding sound or erase it! But you of course have a BACKUP of your iDevice and therefore don’t care.
(If you don’t have a backup of your iDevice, I have no sympathy. Equally, I cannot comprehend why anyone would not at least have a passcode on their iDevice. If you haven’t, again I have no sympathy).
I should also add, regarding PayPal, no PayPal account can accept money unless it has been verified by PayPal as being connected to a specific verified person. Therefore, no kidnapper of any kind is EVER going to use PayPal as they can be immediately fingered. AND, PayPal covers any bad payment you may have made in any case.