Some iPhone users, dating back to February this year, have discovered that their devices have been compromised, and are held hostage by Russian hackers. The attack is almost too simple. An iCloud account is broken into (with the help of leaked credentials), and the service’s “Find My iPhone” feature. “It starts with a compromised Apple ID. From there, the attacker uses Find My iPhone and places the victim’s device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it. In each of the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email address, in addition to payment instructions, they’re told they have 12 hours to comply or their data will be deleted,” said CSO security blog Salted Hash. If a slew of iCloud accounts are breached, you can multiply that $30 – $50 by 1,000 or even more, and the scheme suddenly looks rather lucrative to the hackers. Earlier this week, a security professional posted a message to a private email group requesting information related to possible compromise of at least 40 million iCloud accounts. Salted Hash started excavating on this story after the email was received. In it, a list member questioned the others about a rumour concerning “rumblings of a massive (40 million) data breach at Apple.” The message goes on to state that the alleged breach was carried out by a Russian actor and vector “seems to be via iCloud to the ‘locate device’ feature, and is then locking the device and asking for money.” The report adds that “for now, let’s assume there hasn’t been a massive iCloud data breach.” Apple has not commented on the matter. Given that the Apple ID credentials involved in the ransom attacks are believed to originate from online security breaches, Salted Hash pointed towards a recently compromised Mac-Forums.com database, which allegedly includes 291,214 accounts, being sold for around $775 on the darknet. However, some security experts are claiming that the victim count of 40 million is likely way overblown. It does make sense, because even if only a small percentage of the list were being attacked, a few hundred thousand victims within a few months would standout like a beacon. In short, there would be no way to keep such attacks under the radar. That’s not a glitch that would escape Apple’s radar, as you can imagine. At this point of time, there is no evidence to suggest that the Mac-Forums database has any relation to these ransom attacks. However, if you wish to tread caution, it is highly recommended that you immediately change your iCloud password, and if you haven’t already, enable two-step verification. Both these changes can be done inside of your iCloud Settings screen. Source: CSO Online