iCloud account hacked?

40 Million iCloud Accounts Hacked? Hackers Hold iOS Devices To Ransom

Massive 40 Million iCloud Accounts Hack Could Hold Apple Devices Hostage For Russian Ransomware

Apple’s iCloud account appears to have been so severely hacked by some urbane hackers that some iPhones have essentially been held hostage for Russian ransomware. It is guessed that an astounding 40 million iCloud accounts (approximately) are rumoured to be at risk, according to CSO Online.

Some iPhone users, dating back to February this year, have discovered that their devices have been compromised, and are held hostage by Russian hackers. The attack is almost too simple.

An iCloud account is broken into (with the help of leaked credentials), and the service’s “Find My iPhone” feature.

“It starts with a compromised Apple ID. From there, the attacker uses Find My iPhone and places the victim’s device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it.

In each of the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email address, in addition to payment instructions, they’re told they have 12 hours to comply or their data will be deleted,” said CSO security blog Salted Hash.

If a slew of iCloud accounts are breached, you can multiply that $30 – $50 by 1,000 or even more, and the scheme suddenly looks rather lucrative to the hackers.

Given that the Apple ID credentials involved in the ransom attacks are believed to originate from online security breaches, Salted Hash pointed towards a recently compromised Mac-Forums.com database, which allegedly includes 291,214 accounts, being sold for around $775 on the darknet.

However, some security experts are claiming that the victim count of 40 million is likely way overblown. It does make sense, because even if only a small percentage of the list were being attacked, a few hundred thousand victims within a few months would standout like a beacon. In short, there would be no way to keep such attacks under the radar. That’s not a glitch that would escape Apple’s radar, as you can imagine.

At this point of time, there is no evidence to suggest that the Mac-Forums database has any relation to these ransom attacks. However, if you wish to tread caution, it is highly recommended that you immediately change your iCloud password, and if you haven’t already, enable two-step verification. Both these changes can be done inside of your iCloud Settings screen.

SOURCES: TECHWORM, CSO ONLINE