Still wondering why I haven't been hacked.  The latest thing which I notice is that I have keychain turned ON on my iPhone, but OFF on my Air. So I have to enter passwords on each device when I change a password on either.

I'm not sure what happened in your case, but this isn't related, all. The facts are, a hacker has accessed user iCloud accounts somehow. Not devices. It's impossible to ssh into an iPhone or iPad without jailbreaking.

Yours is one massive conspiracy theory and even if were slightly true, more than spurious messages would have happened.

Conspiracy theories aren't helpful in this case.

I just posted this on an Australian forum. This is the closest I have come to a possibility. Would be interested on peoples opinions especially those with kids with devices linked to their Apple ID.

The Apple IDs compromised seem to have unblock-us.com as the common denominator. The few that didn't may have visited a WiFi network that had the unblock-us.com DNS set.

People use this to access BBC iPlayer, Netflix and ABC iView outside the geoblock. Its in the perfect position to intercept the passwords.

Exactly, hence nearly nobody from the USA got hit. And only a few from other countries most of which had visited here. No doubt they did not like Foxtel's stranglehold on content either.

A lot of people say they don't let their kids have the Apple ID passwords so they can keep an eye on what they are doing but all it will take is for their kid to go to a friends place that has unblock-us and use their wifi and bang. next time you put in the password you are done.

I think this is the key

The original idea came from another person on the forum not myself.

Any thoughts?

You're quite right, Andrew J, we should stop thinking about devices. So far as iCloud is concerned, if it helps to rule things out (I have NOT been affected remember):

1.  I have a strong, unique Apple ID password (albeit my ID is the same email address which I use for everything)

2.  I have 2fa (2 factor authentication) turned on.

I fear that the ABC chap who's just posted will come up with a story about Apple devices rather than looking at how people made their iCloud passwords available to our mate Oleg.

If you had read back in the thread, you would see affected users saying they have had no relationship with unblock-us. It's been discounted, as has eBay hacked passwords, Telstra and other connections. So far we haven't been able to find a common thread between affected users. My theory is still on people who use the same ID details on other sites or shared Apple accounts between family & friends. So far it has been a small number, so the common denominator may not be obvious.

I think you're right. Greg Mullers post has been deleted as, if he had read the terms of use, his touting for a media interview is a breach.

To you Greg Muller, if you're trying to sensationalize this as a filler story, you've come to the wrong place. Keep reading though, we might get you a story when we track down the source.

Hi veritylikestea,

This is an issue that has now spread though most  of Australian citizens.

Here is a letter from the Australian Government:

Ransom attack targeting Apple products - change your Apple IDpassword: SSO Alert Priority High

thats the thing Andrew, you dont have to have a relationship with Unblock-us. All you have to do is visit a friends house who does and use their wifi. You seem to have made yourself the resident expert in this thread yet you shoot possibilities down without thinking them through properly. How about you leave it to others who are more IT literate than yourself to comment.

That's fine, shoot the messenger, I don't mind, but have YOU thought it through?

IF. Unblock us is the cause, then each and every user would have had to type in their Apple IDs & passwords whilst being connected to the VPN service. Btw, unblock us use an IP routing service as well as a VPN service.

Now, given these things, Apple data between device and server is encrypted. How then is that encryption broken?

Apple devices have all data sandboxed from third party systems, so how then has an VPN service been able to bypass the sandbox?

I have thought it through. Yours the one who hasn't.

Let collect somewhere information together to understand trends.

My information:

4 Apple devices on one Apple ID account (macbook, iphone #1, iphone #2, ipad). Find My Phone enabled.

iphone #1 was bought into UK 4 years ago and activated overseas - no attempts to lock it

iphone #2 was bought in Sydney and activated in Australia  1.5 years ago and was hacked and locked

ipad was bought in the USA and activated overseas (5 years ago) - no attempts to hack it

macbook was bought in USA and activated in Australia less than year ago - was attempt to lock it

So I clearly see that devices which were hacked are not connected to Apple ID and password. Even if hacker had access to my Apple ID, he locked only devices which were activated in Australia. Devices on this Apple account which were activated overseas were not locked.

Becase it was a massive attack, they couldn't use manual access... Looks like they use some script and used list of devices to do it.

My personal opinion - may be Apple API was hacked and hacker didn't actually had passwords?

For what it's worth, this article

Apple iCloud and Activation Lock Hacked; Allows Hackers to Unlock Stolen Devices,  dated 21 May 2014

claims

"This is the first time when any hacker group has managed to compromise the highly secured Apple’s iCloud service."

http://thehackernews.com/2014/05/apple-icloud-and-activation-lock-hacked.html

Ok RVolkov, thats good information. The Macbook and Iphone that were hacked, were they activated on the same network? If so did that network use geoblocking? Did you go anywhere with a wifi network you hooked onto with geoblocking such as Unblock-us? Have you used the other devices that were not hacked on the same networks in Australia (wifi or ethernet)?

This is a bypass hack for stolen devices, where they can be restored and activated without going through the iCloud activation setup.

It's totally different to this particular situation.

To marumurak:

no, iphone was activated into home network, but macbook was activated in work network (our corporate network doesn't have connection to internet in Australia, it connected to USA via VPN and has Internet gateway there).

All my devices are working in my home wifi and in work network both, so devices which were not hacked also work in both these networks.

Also I travelled a lot in different countries during last several years and used there 2 my devices in different places - hotel wifi, restaurant wifi and so on. I used both devices - iphone which was not hacked and macbook which had lock attempt.

Never used something like unblock or other strange things - very common list of software, mostly for office/email work.