Hackers Using iCloud’s Find My iPhone Feature to Remotely Lock Macs and Demand Ransom Payments

Juli Clover reporting for MacRumors:

Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone.

With access to an iCloud user’s username and password, Find My iPhone on iCloud.com can be used to “lock” a Mac with a passcode even with two-factor authentication turned on, and that’s what’s going on here.

Apple allows users to access Find My iPhone without requiring two-factor authentication in case a person’s only trusted device has gone missing.

And this, my friends, is why you should never use the same password across multiple sites. It’s also a great idea to use a password manager — such as 1Password or Apple’s own iCloud Keychain — to be able to make longer, more secure passwords and not have to remember them all.