Aussies urged to change iCloud passwords after Apple hijacking
Thursday, May 29, 2014/
Apple owners with iCloud accounts are being urged to change their passwords by both Apple and Australian authorities, after several iPhone accounts were hijacked earlier this week.
In the wake of last week’s eBay hacking, the importance of not reusing passwords for different accounts is again being stressed to individuals and businesses.
On Monday, several Australian iPhone users reported their devices had been “hijacked” and “held for ransom” after their phones were remotely locked and received a message demanding a PayPal payment to unlock the device.
Speaking to SmartCompany, AVG security advisor Michael McKinnon says it was initially thought the hijacking was an Apple password or ID scam and the result of ransomware or malware software.
“What in fact what has happened is Apple IDs or passwords have become known, presumably because people are not using a unique password for each account,” says McKinnon.
McKinnon says the ‘hijackers’ had found the username and passwords of a third party account and then tried the same username and password against the iCloud service.
“Attackers then jump onto iCloud, turn on security features people use when their phone is stolen, such as the ‘find my phone’ feature, and then mark the device as stolen, publish a message on the phone for a ransom and lock phone remotely,” says McKinnon.
The Australian government released a statement on Tuesday on its ‘Stay Smart Online’ website, which urged Apple users to change their IDs and passwords, while Apple also reiterated the message in a statement.
“Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services,” said the company.
“Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.”
The statement also said Apple takes security very seriously and iCloud was not compromised during the incident.
McKinnon says Apple has a good track record with security and he is inclined to believe iCloud was not compromised.
“All Apple is saying is, as far as we concerned, no one has stolen Apple IDs or passwords,” says McKinnon.
“It’s just a malicious usage of Apple’s own security feature, ironically.”
McKinnon recommends users who want to ensure the best security should visit id.apple.com and click on the ‘Manage Apple ID’ link.
“Login and then activate the ‘two step verification’, which causes Apple to send a message to all your registered devices with a special number,” says McKinnon.
“This means that when you try and access iCloud online, even if someone has your password, they can’t get into your account,” he says.
McKinnon says as technology continues to grow more complex, there has been an expansion of hacking opportunities.
He says hacks like this could have much more dire consequences than the demand for ransom.
“People have photos and documents stored in their iCloud, and these ‘find my phone’ features have the ability to delete and completely wipe devices,” he says.
He says hackers haven’t been interested in wiping accounts so far because ultimately they are just after quick cash and know they’ll be caught if they commit the much more serious crime of wiping devices.
“Apple and others are far more likely to act if there is a breach like that,” he says.
LinkedIn engagement pods: Silver bullet or desperate ploy? Sue Parker DARE Group founder
Own it: The 10 things you need to do to manage your personal brand Lisa Stephenson Who Am I Projects founder
How to call your team into action with a winning presentation Emma Bannister Presentation Studio founder
The link between diet and mental health — and how to eat your way to wellbeing Kate Save Be Fit Food co-founder
From interactive videos to AI: The five marketing trends that will dominate 2019 Warwick Boulter Collaboro co-founder
Australia is leading the legaltech revolution, but what does this mean for lawyers, firms and clients? Jodie Baker Xakia founder
Why a video news release needs to be part of your PR strategy Leisa Goddard Adoni Media managing director
Want to catch more customers? Here's how to create a super sales funnel Jovana Vujnic Bumper Leads founder