Ben Grubb at the SMH:
Owners of Apple devices across Australia are having them digitally held for ransom by hackers demanding payment before they will relinquish control.
iPad, iPhone and Mac owners in Queensland, NSW, Western Australia, South Australia and Victoria have reported having their devices held hostage.
The person or persons using the name “Oleg Pliss” are demanding $50-100 paid into a PayPal account before they will relinquish control of your Apple ID. They potentially hold the keys to remotely lock or erase your devices, so if you have received this message you should get in contact with Apple immediately.
For those of us who remember, this is very similar to the situation that Mat Honan, a writer at Wired, found himself in during 2012.
A friend of ours has confirmed that people affected by this hijack are coming into Apple Stores thick and fast today. Nothing is confirmed for sure, but more than likely this was caused by a compromised password that has been re-used over multiple accounts, including their Apple ID.
As for how these hackers got access to the passwords? Well, it’s hard to say. They could have picked them up from a variety of sites affected by the Heartbleed vulnerability, from the eBay password breach, or from a variety of other compromised sites or services where a user’s email/password combo is identical to their Apple ID’s email/password combo. It’s also possible that there was a breach of Apple itself; at this point, we just don’t know.
Seeing this spread makes a pretty damn good argument for turning on two-factor authentication on your Apple ID. Oh, and don’t re-use passwords anywhere. Just don’t.