Victims in Australia and New Zealand woke up early Tuesday morning to find a message from Apple’s “Find My iPhone” service. No, they didn’t pick up someone else’s phone by mistake: the message instructed them to send money via PayPal to an e-mail address without a live PayPal account. People could simply type in their regular passcode or sync the phone to a computer.
Today, the problem spread to some iPhone and iPad owners in other countries, including the United Kingdom and United States. Apple wants everyone to know that whoever is behind the ransom demand, it’s not because of a breach on their end.
In a statement to ZDNet, an Apple spokesperson said:
Apple takes security very seriously and iCloud was not compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.
My devices have been hacked. What do I do? [Apple Support Forums]