iPhones and iPads in Australia remotely held hostage by attackers
User accounts compromised
The attackers are demanding PayPal payments from owners of Apple devices, including Macs, before they will relinquish control.
One security specialist speculated that the hackers were using compromised login credentials from recent data breaches to access accounts and lock users out.
One iPhone user said she was awoken at 4am on 5/20 to a loud "lost phone" message that said "Oleg Pliss" had hacked her phone, the Sydney Morning Herald reports. She was instructed to send $50 to a PayPal account to have it unlocked.
Victims have been discussing the issue on Twitter and Apple's own support forum.
Owners who use a passcode on their device appear to be able to unlock it after the hacker has sent the ransom note, but those who don’t are unable to, according to the newspaper.
Dozens of others across the country reported similar early morning messages.
"I went to check my phone and there was a message on the screen ... saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR (sent by Paypal to firstname.lastname@example.org) to return them to me. I have no idea how this has happened."
Some victims with iPhones say they have been calling Telstra, Vodafone and Optus to try to fix the issue.
"Vodafone kept saying 'iPhone can't be hacked,' "one Apple user, "Shleighbo", wrote.
"Rang Telstra and they said it is an Apple issue," another, "georgie81", said.
"The Optus tech support was not helpful," said yet another user, "Bettybam".
A Telstra spokesman said the telco was aware of the reports and had referred the matter to Apple.
"In the meantime customers who need assistance can contact Apple Care," the Telstra spokesman said.
ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.
May 27, 2014
The Sydney Morning Herald
Link to report
location of breach
location of perpetrators
date breach occurred
date breach detected