Hackers are locking out users from their iPhone and MacBook despite having two-factor authentication turned on by exploiting Apple's "Find My" feature, holding the devices ransom.
To return access to their rightful owners, the cybercriminals are demanding payment in Bitcoin, which is their preferred currency due to its hard-to-trace nature.
iPhone And Mac Users, Beware
According to MacRumors, hackers logged in to users' iCloud accounts and remotely locked their iPhone and MacBook with the Find My service on iCloud.com by enabling Lost Mode. In other words, the perpetrators need only a user's credentials to set a passcode and lock them out of their devices even when two-factor authentication is active.
Users have taken things to Twitter to spread the word while also providing a closer look at the situation.
How To Stay Safe From Hackers
At the moment, there's no easy solution for the iPhones and MacBooks that have already fallen victim to the hack. Users will either have to contact Apple Support and find a fix or go with a brute-force attack to log in and crack the code, but until then their devices will be as good as paperweights.
Now to steer clear of it, the simplest way is to disable the Find My feature for now.
First, to turn off Find My iPhone, head to the Settings app and then to iCloud. There, toggle the Find My iPhone feature and enter your Apple ID password to turn it off.
Meanwhile, to turn off Find My Mac, go to System Preferences and click on iCloud. After that, deselect Find My Mac.
Take note that you'll need to do this to each one of your devices since it'll only turn off the service on the device you're using.
Also, for good measure, change your Apple ID password and don't use it across multiple places, turn on two-factor authentication, and use unique, hard-to-crack passcodes — or put differently, don't use any of 2016's most common passwords, such as "123456."
What Is The 'Find My' Feature Again?
As a refresher, Find My iPhone and Find My Mac were designed to help users, well, find their devices when they lose them.
It's a feature that lets them lock the devices to discourage theft, keep their personal data safe, and even send a message that can, perhaps, provide details on how the finder can return them to the owner.
The thing is, the hackers abused how the feature can remotely lock devices just by knowing a user's login credentials.