Hackers are using Apple's Find My service to remotely hold devices for ransom, reports MacRumors.
Multiple people have tweeted about stolen accounts in the past week.
Two-factor authentication does not prevent the hack.
The Find My service is meant to help you recover your phone or computer if it's lost or stolen.
It also lets you remotely lock your gear.
This is supposed to deter theft, since it makes the stolen phone useless.
All they need is your username and password.
But how did hackers get these people's passwords?
And they found the poor suckers who re-use passwords.
Here, according to one Twitter user, is how a ransom note looks on a hacked Mac.
I went to iCloud.com and signed in with my username and password.
When the site asked for my two-factor authentication, I clicked Find My iPhone and enabled Lost Mode.
I entered a message and sent it to my now-locked phone:
Easy peasy!
So how do you prevent this happening to you?
And if you've ever used your iCloud password for a different service, change it now.
Tap the equipment you're on.
Tap Find My iPhone and toggle to Off.
(You'll be prompted to type your iCloud password.)
(You'll be prompted for your password.)
Instead of Find My gear, use a passcode or password on all your devices.
Create a secure, unique iCloud password and store it in a third-party password management app like 1Password.
We don't recommend using iCloud Keychain, since Apple customer service hands out your iCloud password so easily.
Nor do we recommend your browser's password-saving feature.
Remember, this hack is why you don't reuse passwords.
Your password is only as strong as the weakest site you use it on.
Don't let a hack of BullshitSocialMediaSite.biz give people access to your bank account.
Call Apple customer service immediately.
Update 9/21/2017 at 12pm ET: We continued testing Find My equipment.
We found that Find My iPhone couldn't lock an iPhone that already had passcode protection.
But it could enable a new passcode on a phone that previously had none.
We successfully used Find My Mac to remotely lock a password-protected Mac with a new passcode.
Update 9/21/2017 at 5pm ET: We've updated our headline to avoid implying a one-step quick fix.
We stand by our advice to turn off Find My Mac.