Hackers are remotely locking Macs using an Apple ID and password even with two factor authentication enabled. Anyone who re-used a password as their Apple ID password and another password should change their Apple ID password immediately.
Over the last week, and with an uptick in the last 24 hours multiple reports of remotely locked Macs appeared from users, even with two factor authentication enabled. The hackers appear to be using Find My iPhone services to see a list of Macs and lock them with a passcode. You currently do not need the two factor authentication to login to Find My iPhone and put a lock on a device.
When locked, users see a request to send the equivalent of $50 in bitcoin to an address and then the hacker will share the six digit code required to unlock the Mac. Apple is working with some of the users who are dealing with the problem. You can see some of the reports below.
I've been hacked and locked out of my MacBook through iCloud. I need to swear very loudly. https://t.co/8gV10g84Vp
— Daryn (@darynsimon) September 18, 2017
So a hacker gained access to my iCloud account (despite two-factor authorization) while I was asleep this morning.
— Jason Caffoe (@jcaffoe) September 20, 2017
MY MACBOOK JUST LOCKED ITSELF. WHAT THE FUCK.
— Reza 2.0 (@reallyevilspawn) September 20, 2017
— Jovan (@bunandsomesauce) September 16, 2017
If you may have re-used your Apple ID password on another website, now is a very good time to change your password. At this point it doesn’t appear that Apple servers are hacked, but if you’ve used this password elsewhere it’s only a matter of trying the right combination on the Find My iPhone tool.
Apple outlines how you can change your Apple ID password on a computer or on your iPhone or iPad. Now is a good time to use Safari passwords, Lastpass, 1Password or another tool to create a secure Apple ID password.