Apple devices held for ransom, amid massive iCloud account hack rumours

Apple devices held for ransom, amid massive iCloud account hack rumours

Steve Ragan of CSO Online:

“On July 1, Alanna Coca noticed her iPad had started beeping. When she opened the cover, the lock screen had a message displaying a phrase in Russian – “Dlya polucheniya parolya, napshite na email” – followed by a Gmail address.”

“Roughly translated, the phrase was telling her that in order to receive a password, she’ll need to email the address displayed.”

Such attacks aren’t unusual (you may remember a message from Russian hacker Oleg Pliss popping up on some users’ iMacs, iPhones and iPads back in 2014), and are perpetrated by a hacker putting a victim’s device into lost mode after breaking into their Apple ID account.

A message sent by the hacker to the locked device asks for the victim to get in touch to arrange the ransom payment, and may even make a veiled threat that the device’s data will be erased if cash is not transferred promptly.

Sign up to our free newsletter.
Security news, advice, and tips.

What spices things up a little more this time is that Ragan reports rumours of a massive data breach at Apple potentially impacting 40 million iCloud accounts.

That may be nonsense, of course – it’s possible that accounts have fallen under the control of hackers because of less sensational reasons – such as poor password choices, phishing or reusing the same password on multiple sites.

What is clear is that some Apple users are having their devices hijacked by extortionists. So make sure that you have a unique, hard-to-crack, hard-to-guess password protecting your Apple ID account.

And, if you haven’t already done so, I strongly recommend enabling two-step verification on your Apple ID account to make it harder for hackers to break in.

Read more on CSO Online.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

4 comments on “Apple devices held for ransom, amid massive iCloud account hack rumours”

  1. Brett

    Thanks for this article. I woke up this morning to these messages on my iPhone and emails from apple saying "lost iPad and iphone" has been activated. So happy to know it was not only me.

  2. Yen

    Same thing to me…

  3. Sailorwind

    This happened to me on Monday on all my Apple devices. Important to note that you do NOT need to pay these people. Even if they erase your device, most Apple products have iCloud backups you can use. First step when you see this message should be to try and log into your account on the computer and change your password. Then you can log into iCloud and turn off lost mode on your device. You may still need to do an iTunes backup of your device, but Apple Support was very good about walking me through the whole process and my devices are all fine now, no money spent.

  4. Jackson

    This happened to me yesterday. I got three iCloud emails. They used the find my iPhone ability to send a message in english that pointed to a gmail account ([email protected] or something similar, I was tired and didn’t take the time to write it down). Luckily, I already had a code that they could not or did not change and only put a message about sending $50. I had email notifications set up.
    First I got the “Your Apple ID was used to sign in to iCloud via a web browser”.
    Then I got “Lost mode enable”
    Then I got ” has been found”
    Anyway, I spent the night changing passwords. None were the same to begin with, but with all the data breaches, I did not want to get caught unaware.
    The crappy part is I have to wait 4 days to enable two step verification with Apple. Also, a lot of online accounts still do not have this ability.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.