Original Link: http://www.theverge.com/2014/5/27/5753726/find-my-iphone-hack-australia-ransom

![Apple’s Find my iPhone feature exploited to hold devices hostage](http://cdn.rogerstringer.com/wp-content/uploads/2014/05/findmyiphonehack.jpg "Apple’s Find my iPhone feature exploited to hold devices hostage")

Tom Warren, writing for The Verge:

Some iPhone, iPad, and Mac users in Australia are waking up to ransom messages declaring that their devices have been hacked. Several posts on Apple’s official support forums reveal that fraudsters appear to be using the Find my iPhone feature to send messages and lock devices. “Device hacked by Oleg Pliss,” reads one message on an iMac, and others have received notices demanding a $50 PayPal payment to unlock an iPhone. While some who have experienced the unusual attack have been able to unlock their devices, others are seeking help from Apple and carriers to regain access to their phones.

It’s not immediately clear how pranksters are gaining access to the Apple IDs to take over the devices, nor why the reports are localized to Australia. It’s possible that hackers have obtained access to a leaked list of email addresses and passwords, exploiting the fact that many people will reuse the same account details for their Apple ID. Database breaches are becoming far too common, with eBay, Adobe, Yahoo, and Target all falling victim in recent months. This latest incident serves as a good reminder to enable two-step verification on an Apple ID, and to never reuse the same password across multiple accounts. We reached out to Apple for a statement, but a company spokesperson declined to comment.

Two-factor authentication is critical. If you have not set it up, here’s the place to start.

I’ve been building two-factor authentication into all of my services lately, and when a service offers it, I always enable it. This is a good lesson in why you should use it…