A number of Australian Apple device owners have discovered that their devices have been hacked, and are being held hostage for ransom, reports the Sydney Morning Herald. iPad, iPhone, and Mac owners have reported seeing messages stating their device was hacked, and would be unlocked if they sent money to a PayPal account. In some known cases, the message “Device hacked by Oleg Pliss” has prompted users to send $50 or $100 to a PayPal account. Dozens of users have reported seeing similar messages.
According to the report, users with a passcode were able to unlock their devices after receiving the message, but those without a passcode on their devices were unable to do so. A PayPal spokesman said no PayPal account was linked to the email address given, also noting that any money sent by hacked users would be refunded. Users have received little help from carriers, and have been told to contact Apple, which has yet to comment. The hacker appears to be exploiting an insecurity within Find My iPhone.
Update – May 28: Apple released a statement on the issue: “Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.” [via ZDNet]