http://theinquirer.net/inquirer/news...sers-to-ransom

""If customers have any questions about their Apple devices, they should speak directly to Apple," while Vodafone said that those experiencing the issue should "speak with Apple as they are best placed to offer comment on their services".

The networks are blaming Apple but, unless someone corrects me, for now I would say it looks best to turn off the feature.

Wow will be turning that off until some certainty arises. Very worrying

Enable two step verification. That will stop anyone using your account on an unverified device.

Rumours have it that iCloud is compromised, at least for affected users, and it is done via there.

http://www.digitalspy.co.uk/tech/new...ng-ransom.html

Even having a passcode will let you resolve the problem. Panic over

I can get back to dealing with the ebay hack now.

Even changing your password will let you resolve the ebay problem.
Double panic over maybe.

I say MAYBE because the full info source on this issue is quiet. That being Apple.
Rumour is not a resolution just like rumour does not always confirm a problem.

At the mo it looks like a double move to go to 2 step and turn off find my phone is currently the best move.

2 step verification is a good idea anyway. They can get hands on your password, but it will be useless. Apple should prompt their customers to do it.

So Apple still make you wait three days before you can actually activate two step verification? When I first set it up I had to wait three days to activate it. What sense does that make?

Until Apple figure out how this is happening we're all playing guess saying 'turn this feature off' of 'turn that feature off'.

After just ten minutes on google I've already been advices to turn off iCloud. Find my phone and change my passwords for pretty much everything.

No I don't think so. I activated 2-step over a year ago, i'm certain it all happened instantly.

Yes they do.

Just gone through it with a friend and she had no idea what it was. Told her to come back on the 30th to activate.

Details are very sketchy at the moment. It could be passwords being compromised somehow. Getting hold of an iCloud password you could utilise the Find My iPhone service to lock the device and push a message to and create a PIN.

It doesn't seem that widespread at the moment, mainly in certain states of Aus. What I have noticed in recent months is a definite increase of phishing emails purporting to be from Apple (complete with spelling mistakes and all sorts of basic errors) asking you to reset your Apple ID password with links going to all sorts fake sites.

What's interesting is that Paypal have confirmed that no account is associated with the address the hack is allegedly demanding payment on.
http://www.idownloadblog.com/2014/05...-in-australia/

Fair enough not tried it recently, but definitely didn't need this delay originally.

In what way do they deliver the code? With MS account you can choose an app, email, or text. It also switches immediately. There is no reason why Apple could not do it as well. I'd wait with changes to email and phone numbers, but when somebody else gets in they can do more damage than to turn on 2 step verification.

Methinks with Apple iMessage involved too, 2 step via a text needs to be implimented more slowly or maybe not via that method.

I can see why they are cautious.

Bloody ridiculous waiting time. 24 hours maybe but what possible reasons could there be for a three day wait time.

If Find My Phone is turned on, the code is pushed as a popup on your trusted device(s). Otherwise SMS is used.

http://support.apple.com/kb/ht5570 (according to that the waiting period to set up 2-step verification is when significant changes were made to your account info)

With delaying this change for three days they keep the accounts vulnerable. They may want to inspire themselves by MS. You can use an authenticator app that is paired up with the account and generates codes even when offline.

But I don't want to turn off find my iphone, knowing my luck if I turn it off I'll lose the phone tomorrow lol

I activated two step verification earlier today and it was done instantly. Must've been a deluge of accounts wanting two step enabled for the wait to be imposed.

2 step login is one thing. The question is how the hacker gets into one's Apple account. Stolen passwords or something worse? There was a report of such a vulnerability a while ago. Or is this Apple's own Heartbleed.

Seems not limited to just iphone too. Not going to be happy if Apple respond with their usual 'speed'.

There was the goto fail bug which made the news a few months ago, but apparently existed for long time, which was Apple's SSL/TLS vulnerability. Although it's since been patched, perhaps some passwords were compromised using that?

I suppose it could be anything, but I would think the most likely option is passwords stolen elsewhere that users also had for their Apple ID.

This sort of thing happened with Tesco a couple of months ago. They were slated for being insecure but it turned out to be hacked data from somewhere else being used to access Tesco accounts.

They sooner make the hacker give them 30% cut It's always such a hush-hush operation with them.