updated 10:05 am EDT, Tue May 27, 2014
Owners with passcodes may be safe
A number of Australians are finding their iPhones, iPads, and/or Macs locked and held for ransom by one or more hackers, according to the Sydney Morning Herald and Apple's support forums. Victims are getting Find My Mac/iPhone notifications saying their devices have been hacked, and asking for a certain amount of money to be sent to a PayPal account before the hacker(s) will unlock them. A recurring name used in the attacks is "Oleg Pliss," but that's believed to be an alias.
People with passcodes enabled have reportedly been able to unlock their devices in spite of the ransom demands, but people without that security have fallen prey. Complicating matters further is that the PayPal account people are asked to send money to may not even be valid. In one instance, at least, a person was asked to send money to email@example.com, but PayPal says that the email address isn't actually linked to a PayPal account, and is promising to refund money sent by anyone whose device is being held ransom.
iPhone owners that have contacted local carriers Optus, Telstra, and Vodafone have generally been asked to contact AppleCare instead. Conflicting messages have come out of Vodafone; one person says he was repeatedly told "iPhone can't be hacked," but officially the carrier says it hasn't received any support calls. A Telstra spokesman says he has referred complaints to Apple.
It's unclear how Apple ID accounts are being hacked, but one proposed theory is that recent data breaches at businesses other than Apple have allowed hackers to discover passwords some people are reusing with their Apple IDs. Two-factor identification can stop that sort of attack, but not everyone has it enabled. In the meantime, people with compromised accounts should be able to regain control by talking to Apple, after which they can set a new password.