Hackers Using iCloud's Find My iPhone Feature to Remotely Lock Macs and Demand Ransom PaymentsOver the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone.
With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here.
<img src="
" alt="" width="800" height="600" class="aligncenter size-large wp-image-590840" />
Apple allows users to access Find My iPhone without requiring two-factor authentication in case a person's only trusted device has gone missing.
<img src="
" alt="" width="800" height="557" class="aligncenter size-large wp-image-590841" /><center>
2-factor authentication not required to access Find My iPhone and a user's list of devices.</center>
Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device.
<center><blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">Y'all my MacBook been locked and hacked. Someone help me
@apple @AppleSupport pic.twitter.com/BE110TMgSv</p>— Jovan (@bunandsomesauce)
September 16, 2017 <script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script></center>
The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers.
Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details.
<img src="
" alt="" width="600" height="618" class="aligncenter size-full wp-image-590843" />
<center>It's easy to lock a Mac with a passcode in Find My iPhone if you have someone's Apple ID and password.</center>To prevent an issue like this, Apple users should <strong>change their Apple ID passwords</strong>, enable two-factor authentication, and never use the same password twice. Products like 1Password, LastPass, and even Apple's own iCloud Keychain are ideal ways to generate and store new passwords for each and every website.
<center><blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">So a hacker gained access to my iCloud account (despite two-factor authorization) while I was asleep this morning.</p>— Jason Caffoe (@jcaffoe)
September 20, 2017 <script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script></center>
Users who have had their Macs locked will need to get in contact with Apple Support for assistance with removing the Find My iPhone lock.
(Thanks, Eli!)<div class="linkback">Tags:
hack,
Find My iPhone </div>
Discuss this article in our forums
<div class="feedflare">
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img>[/url]
</div><img src="
http://feeds.feedburner.com/~r/MacRumors-Front/~4/34N83ba6jT8" height="1" width="1" alt=""/>
Source:
Hackers Using iCloud's Find My iPhone Feature to Remotely Lock Macs and Demand Ransom Payments
