Last night we reported that several Mac and iOS users were finding their devices remotely locked by hackers who had gained access to the users’ Find My iPhone accounts and demanded a ransom to return the devices to a working state.
Today Apple issued a statement on the problem, noting that—as suspected—the iCloud service itself was not actually breached, but individual user accounts may have been compromised through password reuse or social engineering:
The first reports of the attack came from Australian users on Apple’s support forum, but users from around the world quickly discovered that they, too, had been targeted by the hacker (or hackers) using the name “Oleg Pliss.”
So far there’s no indication of exactly how the perpetrators gained access to these specific accounts. The news of the attack came just a day after rumors that Apple is preparing to enter the home automation market during this year’s WWDC, which could prove to be a tempting target for similar denial-of-service attacks in the future, if true.
