updated 09:37 am EDT, Wed May 28, 2014
Re-use of credentials suspected in ransoms; Apple, Paypal assisting
Apple has responded to reports of primarily Australian OS X and iOS users finding devices "hacked" and locked out by miscreants abusing the "Find My iPhone" feature. Apple has issued a statement on the matter, denying the potential of iCloud security having been breached, and suggesting users change Apple ID passwords and avoid re-using credentials across multiple sites.
Victims woke to find devices alerting them that they had been hacked with a Find My iPhone or Mac notification, demanding a ransom be paid to one "Oleg Pliss." Users with passcode security were able to unlock the devices despite the lock -- a feature of the "find my iPhone" lock.
Apple's response says that the company "takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store."
Apple has been assisting users who recieved the extortion message unlock devices. Additionally, Paypal reported that the email target for payment "firstname.lastname@example.org" wasn't linked to a valid account, and the service has been refunding users who paid the ransom to the attacker.