Apple: Oleg Pliss affected users should change their Apple ID password; iCloud not compromised
Apple has urged iOS and Mac users affected by Oleg Pliss to change their Apple ID password as soon as password and has also claimed that iCloud hasn’t been compromised during this incident.
The attacks were first reported in Australia and New Zealand and as the day passed instances of locked iPhones, iPads and Macs emanated from US and Canada as well.
The hack seems to be the case of password reuse attack and it apparently used Find My iPhone and Find My Mac to lock victim’s iPhones, iPads and Macs. A message that read “Device hacked by Oleg Pliss” was displayed on the affected user’s device and along with it was present a ransom note demanding anywhere between $50 and $100.
“Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store”, read the official statement from Apple. [source: ZDNet]
The root cause of the attack is yet to be identified, but affected users have taken to Apple forums and a group investigation of sorts is going on with users speculating different causes.
Some of the posts in the forum are from users who have had set a device passcode and these users have revealed that they were able to regain control of the device soon after they received the ransom note; however, those without the device passcodes weren’t lucky enough.