Hackers using stolen iCloud credentials have been able to use Apple’s Find My Device features to remotely lock down computers and demand Bitcoin ransoms from affected users. However, that doesn’t mean Apple’s iCloud was hacked. Instead, hackers are likely trying their luck with some of the many available username and password combinations that resulted from recently publicized hacks.
As long as you don’t reuse passwords, and your iCloud login is distinct from any username and password combination of yours that may have been affected by a recent hack, you are safe. Hackers won’t be able to log into your iCloud account and disable your Mac.
So a hacker gained access to my iCloud account (despite two-factor authorization) while I was asleep this morning.
— Jason Caffoe (@jcaffoe) September 20, 2017
But there are users out there who don’t follow this basic security practice: at the very least, picking a different password for every online property you might own. As a result, hackers were able to lock down their devices, MacRumors reports.
https://twitter.com/bunandsomesauce/status/909181846591860736
As long as someone has access to your iCloud credentials, they can lock a Mac with a passcode even when two-factor authentication is turned on for your account. That’s because an Apple user has to be able to search for an iPhone on a map in case it gets lost, even if the iPhone is protected with two-factor authentication.
If you have been affected by the issue, you should try contacting Apple support for assistance.
Jovan, I am a former Apple employee and now run my own tech support business. I am going to give you all the free advice I can. This can…
— Joe Simenstad (@jsimenstad) September 21, 2017
..only be fixed either by Apple or through a brute force attack of the locked PIN code. I have a machine that can do it, but it takes weeks.
— Joe Simenstad (@jsimenstad) September 21, 2017
This happened to a client last year and I tried warning Apple, but nothing happened. Until it's unlocked, your computer is a brick. Sorry.
— Joe Simenstad (@jsimenstad) September 21, 2017
In the future, you should rely on unique passwords and password management programs to safeguard your devices and online accounts, and change the passwords when one of those accounts is hacked.
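The reuse check behind that advice can be run offline against a password manager export. The following is an added example, not part of the original article: the CSV layout (site, username, password), the sample rows, the breached-site list and the helper name `audit_reuse` are all constructed assumptions.

```python
import csv
import hashlib
import hmac
import io
import os
from collections import defaultdict

# Constructed sample of a password-manager CSV export (not real accounts).
SAMPLE_EXPORT = """site,username,password
icloud.com,pat@example.com,Tr0ub4dor&3
forum.example,pat@example.com,Tr0ub4dor&3
shop.example,pat@example.com,correct-horse-battery
news.example,pat2@example.com,Tr0ub4dor&3
bank.example,pat@example.com,x9!Lq2#vTz
"""

# Constructed list of sites with a publicized breach.
BREACHED_SITES = {"forum.example"}


def audit_reuse(export_csv, breached_sites):
    """Return (reused, must_change).

    reused: groups of sites that share one password.
    must_change: every site whose password is also used on a breached site.
    """
    # Per-run random key: the fingerprints only group equal passwords in
    # memory and are meaningless outside this process.
    key = os.urandom(32)
    sites_by_pw = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_csv)):
        tag = hmac.new(key, row["password"].encode("utf-8"), hashlib.sha256).digest()
        sites_by_pw[tag].add(row["site"].strip().lower())

    reused = sorted(sorted(sites) for sites in sites_by_pw.values() if len(sites) > 1)
    must_change = sorted({
        site
        for sites in sites_by_pw.values()
        if sites & breached_sites  # this password was exposed by a breach
        for site in sites
    })
    return reused, must_change


if __name__ == "__main__":
    reused, must_change = audit_reuse(SAMPLE_EXPORT, BREACHED_SITES)
    for group in reused:
        print("same password on:", ", ".join(group))
    for site in must_change:
        print("change now:", site)
```

In the constructed data the iCloud login shares its password with the breached forum account, so it lands in the change list even though iCloud itself was not breached.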