Australian Apple-product connoisseurs awakened on the weekend of May 23rd to find their devices digitally held for ransom by various Russian-sounding aliases demanding $100 to relinquish access. The first person affected by the hack posted in the Apple support forum under user-name Vertiylikestea stating that her iPad woke her up at 4:30 am with what sounded like a morning alarm, accompanied by the message: “Your device has been hacked by Oleg Pliss.” Since then, a number of users, mostly Australian, flooded Apple’s support board with similar complaints, stating they were hit across multiple Apple device simultaneously.
Users were prompted to send $100 to a PayPal account in order to regain access; failure to do so after logging in resulted in the immediate deletion of all content stored on the device. User Deskokat attempted to log onto his or her PowerBook after noticing the iPhone message and writes, “I then signed in to my PowerBook ─ but as a guest user ─ VERY grateful I did. Message to say I'd been hacked there too, wouldn't let me sign out without erasing all data for that user. As there was nothing but a couple of expendable files on there, I signed out. And the guest user portal has been erased.”
It was later confirmed that users who complied with the hackers’ demands were returned access to their accounts. PayPal even offered to reimburse the victims for the $100 lost, a tab that Apple should have picked up.
Performing an Internet search of the name “Oleg Pliss” yields a few real people, one a software engineer at Oracle and the other a banker in Ukraine; it is likely the hackers used randomly generated names.
IT security expert Troy Hunter told the Sydney Morning Herald , the media outlet which first broke the story, that hackers were most likely using login credentials obtained from the recent Apple data breach. He recommended that people prone to using the same password for multiple online services ─ as is most often the case ─ change their passwords to avoid suffering the same fate as Wired writer Mat Honan, who lost access to his entire digital footprint because he used the same password throughout.
Via Smh.com.au