It's beginning to look like some rather sophisticated hackers have made their way into Apple's core and crippled iCloud security so severely that some iPhones have essentially been held hostage. A few iPhones here and there might not seem like a big deal, but ultimately, there could be a staggering 40 million iCloud accounts (approximately) at risk here.
According to CSO Online, some iPhone users, dating back to February this year, have found their devices compromised, held hostage by Russian hackers. The attack is almost too simple. An iCloud account is broken into (with the help of leaked credentials), and the service's "Find My iPhone" feature is used to put the phone into Lost mode. From there, a message is sent through this feature to the user, demanding funds if the user wants their phone to be released from the hold - which, of course, is what most users would want.
The interesting thing about this attack is that the amount of money demanded is so low - between $30 and $50 - that most people might just cough it up to quickly ease the pain and get their iDevice back (there is potential for any iCloud connected device to be compromised). If a slew of iCloud accounts are breached, you can multiply that $30 - $50 by 1,000 or even more, and the scheme suddenly looks rather lucrative to the hackers.
If you're an iCloud user, you shouldn't panic just yet, however. While reports and rumors claim that over 40 million accounts have been breached, some security experts are claiming that the figure has to be overblown. It does make sense; if that many accounts were in fact breached, and thousands or tens of thousands of people were suffering these ransom messages, surely we would have heard more about it by now. That's not a blip that would escape Apple's radar, as you can imagine.
If you want to err on the side of caution (which is never a bad thing), we'd heavily encourage you to immediately change your iCloud password, and if you haven't already, enable two-step verification. You can take care of both things inside of your iCloud settings screen.
HotScripts.com is alleged to be one forum to experience a database leak
However, unfortunately the breaches don't end there. In a separate report, three popular Web forums have also had their databases leaked, which gives the scope of this attack a bit more weight. Those sites include WebHostingTalk.com, HotScripts.com, and MacForums.com. As is typical for a database leaker lately, these databases are being sold on the Dark Web, with the HotScripts database in particular going for just under $2,000. To some, that might seem like a heck of a deal for instant access to more than a million accounts' worth of data.
It's not confirmed, but these 40 million iCloud accounts - if that number does prove to be accurate - could have begun with the above mentioned forum database leaks. At this point, all we can do is wait and see what is revealed in the weeks ahead, aside from changing your passwords and enabling two-step, of course. With each one of these new attacks that to light, the need for such simple security measures becomes ever more apparent.