Slashdot Mirror


Apple Devices Held For Ransom, Rumors Claim 40M iCloud Accounts Hacked; Apple-Related Forums Compromised (csoonline.com)

Steve Ragan, reporting for CSOOnline: Since February, a number of Apple users have reported locked devices displaying ransom demands written in Russian. Earlier this week, a security professional posted a message to a private email group requesting information related to a possible compromise of at least 40 million iCloud accounts. Salted Hash started digging around on this story after the email came to our attention. In it, a list member questioned the others about a rumor concerning "rumblings of a massive (40 million) data breach at Apple." The message goes on to state that the alleged breach was conducted by a Russian actor, and vector "seems to be via iCloud to the 'locate device' feature, and is then locking the device and asking for money." In a separate report, the publication reports that three websites owned by Penton Technology -- MacForums.com, HotScripts.com, and WebHostingTalk.com -- have been compromised and their databases are now being sold on the Darknet. While nothing is confirmed, there is a possibility that some of the rumored 40M compromised Apple ID credentials may have come from these forums, or from LinkedIn's recent hack.

5 of 73 comments

  1. Re:Hahahaha Social Media by NatasRevol · · Score: 1, Insightful

    This doesn't even make sense. There's no way these sites were using AppleID accounts, or collecting them.

    Now, reverse engineering based on login is possible, but that's user stupidity, not Apple's fault that people use the same log in for multiple things.

    --
    There are two types of people in the world: Those who crave closure
  2. Let's be clear... by friedmud · · Score: 5, Insightful

    These are not "compromised Apple ID credentials"... they are compromised email addresses and passwords for OTHER mac/apple related websites... so if you're dumb enough to reuse your Apple ID email address and password on those sites they might match up.

  3. Re:meta discussion who is responsible for hacks? by Guy Harris · · Score: 1, Insightful

    (and modded -5 in 5.. 4... 3... 2... 1... see ya!)

    Posted at 1:48 PM Pacific Daylight Time; it is now 2:21 PM Pacific Daylight Time, and its current score is 2.

    So either it was modded -5 and then un-modded, or it wasn't modded -5 at all.

  4. Re:meta discussion who is responsible for hacks? by thoromyr · · Score: 2, Insightful

    ah, trolls. It was tempting to mod you appropriately (I have the points), but I dislike down-modding and reserve it for the never-give-up (like APK). Do you understand how your smug and self-conceited claim to be moderated into oblivion was, at best, a self-fulfilling prediction (after all, you posted a troll comment, so why would the comment not be moderated as such?)

    This "local Apple fanboy" wouldn't happen to be a figment of your imagination, would he? I mean, such a creature is possible, but considering you are completely ignoring the reported facts you are either a bigger troll than you look, or so self-deluded in your hatred of Apple that you are blind.

    Many normal users (who, by the way, are largely *windows* users simply due to the weight of numbers -- platform really is irrelevant) use a single, bad password for everything. So when LinkedIn gets hacked and their bad password is cracked -- the bad guy now has the password and can do anything the user can do with the password. Which, for iOS devices, includes locking the device and posting a message.

    Is Apple wrong to empower its users with this in case their device is lost?

    Is Apple responsible for users selecting weak passwords and then re-using them?

    Is Apple responsible for the security of unrelated third parties?

    Unless you can answer yes to all of those then Apple is not responsible. And I'm very glad that we do not live in a world where any of those are true.

  5. Re:Hahahaha Social Media by amicusNYCL · · Score: 4, Insightful

    This doesn't even make sense. There's no way these sites were using AppleID accounts, or collecting them.

    Seriously, it is not even in the realm of things that are possible that someone who prefers using devices that are marketed as "it just works" would use the same credentials on multiple services. In fact, such a thing is literally inconceivable. It's so inconceivable that I don't even know what I'm talking about. None of this makes sense.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black