It's unclear if she was able to restore her device.On July 4, a woman in Kentucky asked friends on Facebook if they knew how to "disable the lost iPad feature, when you didn't activate it, it's no longer on your iCloud, and the ransom is in Russian?"
In June, someone on Reddit reported their iCloud account was compromisedand a ransom demand in Russian had appeared on their iPhone. Unfortunately, they didn't have current backups, so a factory reset would erase all of their saved data.
In fact, there were a least five other incidents reported in June. All of them had the same ransom demand and required contact with one of two different Gmail accounts.
On May 14, a software tester in Sterling, VA posted a blog about his experience with the ransom demands, after his Apple ID was compromised. That same day, another victim posted a warning on Facebook, urging friends to protect their iCloud accounts because of the same situation.
"Luckily I didn't have many apps loaded or lost," Coca said in an email to Salted Hash.
"It seems to be perfectly fine now," she added, explaining the aftermath of the incident. "I have since added 2-step authorization. I'm blaming my laziness in having the same password on several accounts (including recently-hacked LinkedIn)."
It isn't clear if recycled passwords are to blame in the most recent ransom cases, but it wouldn't be a stretch to assume so, as this was the suspected cause in 2014 too.
Recently, hundreds of millions of compromised usernames and passwords were published online. They come from services such as LinkedIn, iMesh, VK.com, MySpace, Badoo.com, and more. The odds that some of those leaked credentials are tied to active Apple IDs are good, and the LinkedIn list has already been tied to additional data breaches.
However, even if the leaked lists are not the source of the latest ransom demands, it's possible that Apple IDs were compromised during Phishing attacks or a recent data breach, such as the one at Mac-Forums.com.
According to the ad, the Mac-Forums.com database (one of three databases from a single company that's been compromised) is available for just ~$775.00. The website currently has 291,214 members.
HotScripts.com (1,000,000+ records) was also recently compromised, that database is selling for ~$1,900. These two databases could contain plenty of Apple IDs and recycled passwords.
Apple has published some advice for users who feel their Apple ID has been compromised. In addition, they encourage users to pick a unique password that is only tied to their Apple ID, as well as the usage of two-factor authentication and two-step verification.
Source: CSO Online
Sign up for CIO Asia eNewsletters.