A number of Apple IDs were compromised this week with Apple assuming no responsibility for the incident as the problem did not involve an iCloud breach, according to a brief statement from the company. Affected users are urged to change their passwords immediately.
Earlier this week, news broke that a certain Oleg Pliss was hacking iPhones and Macs by exploiting Find My iPhone’s ability to remotely lock an iCloud-enabled device. The hacker(s), most likely using a fabricated name, asked for a $100/€100 ransom via an alert to have the device unlocked.
It isn’t clear how the hacker(s) got their hands on the affected users’ Apple IDs and passwords, but one plausible theory involves social engineering, phishing scams, etc.
A user on the Apple Support Communities forums revealed that while he had not been affected, he had been prompted several days in a row to respond to a shady email that purported to be from Apple, claiming the Cupertino company had suspended his account for security reasons. The email asked the user to re-enter their Apple ID and password, a step that would transfer these credentials to the cybercriminals’ database.
Security experts also warn that using the same name and/or password across multiple online services can lead to this information getting leaked. While iCloud is fairly safe from hacking attacks, other services may not be so secure. Obtaining the password by exploiting one of these less secure services would then enable the hacker to try the same password on Apple’s service and successfully compromise the account.
In a brief statement offered to the media, Apple suggests this is pretty much what happened. Affected users are told to change their passwords ASAP, but the company fails to say what others should do to avoid falling into the same trap.
“Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.”
In reporting the incident, Softpedia posted a few best practices yesterday, suggesting that users employ two-factor authentication and a passcode lock on their devices. The latter is not enough to protect against a password leak, but we hear the device can still be unlocked, buying the user time to restore their device and change their password before the device becomes unusable.
Many impacted users have reported success in simply restoring their devices from a backup image, which goes to show how important it is to have a recent backup of your iOS/OS X installation at all times.