recommended reading


iPhones and iPads in Australia remotely held hostage by attackers

User accounts compromised

The attackers are demanding PayPal payments from owners of Apple devices, including Macs, before they will relinquish control.

One security specialist speculated that the hackers were using compromised login credentials from recent data breaches to access accounts and lock users out.

One iPhone user said she was awoken at 4am on 5/20 to a loud "lost phone" message that said "Oleg Pliss" had hacked her phone, the Sydney Morning Herald reports. She was instructed to send $50 to a PayPal account to have it unlocked.

Victims have been discussing the issue on Twitter and Apple's own support forum.

Owners who use a passcode on their device appear to be able to unlock it after the hacker has sent the ransom note, but those who don’t are unable to, according to the newspaper.

Dozens of others across the country reported similar early morning messages.

"I went to check my phone and there was a message on the screen ... saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR (sent by Paypal to to return them to me. I have no idea how this has happened."

Some victims with iPhones say they have been calling Telstra, Vodafone and Optus to try to fix the issue.

"Vodafone kept saying 'iPhone can't be hacked,' "one Apple user, "Shleighbo", wrote.

"Rang Telstra and they said it is an Apple issue," another, "georgie81", said.

"The Optus tech support was not helpful," said yet another user, "Bettybam".

A Telstra spokesman said the telco was aware of the reports and had referred the matter to Apple.

"In the meantime customers who need assistance can contact Apple Care," the Telstra spokesman said.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves. 




May 27, 2014

reported by

The Sydney Morning Herald

number affected


location of breach




location of perpetrators


date breach occurred


date breach detected

Mid-May 2014