iCloud data not compromised in latest hack claims Apple

Apple has issued a statement regarding devices getting locked in Australia, and confirmed that the iCloud data of the users is secure regardless of the security breach.

It was reported yesterday that iPhone and iPad users in Australia found their devices locked remotely and were being prompted for money by the hackers. It was revealed that the hacking was made possible by compromised Apple IDs from the region, which security experts believe were stolen from certain websites frequented by the users and were later locked using the "Find My iPhone" feature.

Now, nearly a day after the initial reports, Apple has acknowledged the mass hacking of these devices in Australia, and urged users to change their Apple ID passwords immediately.

The official statement from Apple reads, "Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store."

Apple has been facing numerous security issues recently, starting with the SSL/TLS implementation vulnerability across all its operating systems and background monitoring on its iOS platform. However, this security breach appears to be third party websites and ignorant users being the main cause of the hacking.

Source: ZDNet | Password Security For Safety From Mobile Phone image via Shutterstock

Report a problem with article
Previous Story

Satya Nadella: We're not selling off Bing and Xbox

Next Story

THL smartphone with a giant 5000mAh battery officially announced

25 Comments

View more comments

Ha. This is why Apple is the worst. "Oh are your Apple accounts Hijacked and being held ransom? Hey that's your fault you dumb user" ????
I hope at least Apple probes affected accounts and gets them back in the proper hands. Apple should of at least disabled affected accounts who have seen account activity from the phishers

Also if the accounts are compromised and being held for ransom, how does one go about changing their passwords? ransom means their details have changed

Yes, of course it's Apple's fault people use the same password for a billion and one websites and don't use a passcode on their devices.

dingl_ said,
Ha. This is why Apple is the worst. "Oh are your Apple accounts Hijacked and being held ransom? Hey that's your fault you dumb user" ????
I hope at least Apple probes affected accounts and gets them back in the proper hands. Apple should of at least disabled affected accounts who have seen account activity from the phishers

Also if the accounts are compromised and being held for ransom, how does one go about changing their passwords? ransom means their details have changed

Seriously?

dingl_ said,
Its the users fault, but you don't leave them to their own devices out in the cold once affected by a hack

"Any users who need additional help can contact AppleCare or visit their local Apple Retail Store."

Try actually reading the article before going nuts over nothing next time. You're acting like a crazy person.

"You're holding it wrong!" = User's fault, right?
"You're iMapping it wrong!" = User's fault, right?
"You're passwording MACs wrong!" = User's fault, right?
Hahaha, I really love how silly defending fan tantrums are!

People are usually normal people that basically use those "Safer" MACs because they actually believe they are "safe"... So if they have to care more for passwording, there is no difference from any PC or Chromebook... So why the hell spend more money on the same hardware and the same "safety"? Thanks, now I have bases to convince my wife back into a safer, nicer, lighter Surface!

VHMP01 said,
"You're holding it wrong!" = User's fault, right?
"You're iMapping it wrong!" = User's fault, right?
"You're passwording MACs wrong!" = User's fault, right?
Hahaha, I really love how silly defending fan tantrums are!

Let me know when you Android and WP fanboys stop having fake apps like Anti-viruses in your store.

VHMP01 said,
"You're holding it wrong!" = User's fault, right?
"You're iMapping it wrong!" = User's fault, right?
"You're passwording MACs wrong!" = User's fault, right?
Hahaha, I really love how silly defending fan tantrums are!

Is Strawey McStrawman throwing a tantrum again?

"fake apps like Anti-viruses in your store"

I think you meant to say, in Google's Appstore or Google Play Store, cause I don't think VHMP01 has a store!

Mr.XXIV said,

Let me know when you Android and WP fanboys stop having fake apps like Anti-viruses in your store.

Really? WP has no need for AV apps nor are there any fake ones in the store.

.Neo said,

"Any users who need additional help can contact AppleCare or visit their local Apple Retail Store."

Try actually reading the article before going nuts over nothing next time. You're acting like a crazy person.

As long as their Apple Care didnt expire...

Scabrat said,
As long as their Apple Care didnt expire...

I've asked a friend who works at the Amsterdam Apple Store and he said they'd assist people with this issue regardless of them having warrantee/AppleCare or not.

VHMP01 said,
"You're holding it wrong!" = User's fault, right?
"You're iMapping it wrong!" = User's fault, right?
"You're passwording MACs wrong!" = User's fault, right?
Hahaha, I really love how silly defending fan tantrums are!

So what you're saying is it is in fact Apple's fault certain people use the same password for everything and not setting a passcode on their devices?

What most likely happened is: People are using the same password all over the internet. Through some poorly secured website "hackers" managed to aquire vast amounts of passwords and iCloud email addresses. Then they used those passwords to randomely check whether or not it would also work with iCloud. Now this wouldn't be much of an issue if people actually used a passcode on their phone.

Apple was not affected by the OpenSSL flaw. Apple does not use OpenSSL in Mac OS X and it has never been included with iOS.

Mr.XXIV said,
Apple has always insisted on being independent, especially in their code base.

Which is exactly why they weren't compromised with the OpenSSL heart bleed vulnerability.

Yea! It's thanks to Mac devs like Agilebits that we have 1Password and their Watchtower service to keep us active on our personal security. I stick with Mac simply because I feel more free, yet more secure.

Rosyna said,
Apple was not affected by the OpenSSL flaw. Apple does not use OpenSSL in Mac OS X and it has never been included with iOS.

Except, there was a report that heartbleed DID affect Apple. Namely AirPort Extreme and AirPort Time Capsule...

if someone phished your Facebook password and thats the same email/password combo as your appleID its user fault, they have been trying to force strong passwords but you would still have to change your old one and make sure its not duplicated.

would you blame google is someone hacked your gmail because you use the same login info for your twitter and and the security questions are answered from information from your profile

If your Twitter account is suspected of compromised activity, They lock your account and then prompt you to reset your password at next login, I'd expect apple to do no less

dingl_ said,
If your Twitter account is suspected of compromised activity, They lock your account and then prompt you to reset your password at next login, I'd expect apple to do no less

You're really grasping here... Apple is helping users locked out of their accounts. And again, this is the fault of a user using the same password from a service that was breached, not much Apple can do about that. I believe common attack vectors such as brute force are locked after multiple attempts. There isn't much Apple can do if someone already has your password.

dingl_ said,
If your Twitter account is suspected of compromised activity, They lock your account and then prompt you to reset your password at next login, I'd expect apple to do no less

if you log-in with the correct password and username how is that compromised activity, especially if it came from the same country or region.

most people can have their passwords reset just by answering security questions with answers found on public profiles. most people use the same weak password for all their accounts, if you know an email you could guess a password and have access to email, social media, itunes account, website membership if its the same login info

Commenting is disabled on this article.