It had been speculated that this was only possible due to an iCloud hack, since it wasn’t single devices that were targeted, but groups of devices associated with the account. However Apple has since stepped forward and claimed that this is not true, and that iCloud had been hacked. In a statement released by Apple, “Apple takes security very seriously and iCloud was not compromised during this incident.”
Apple later mentions that those affected should change their passwords immediately and to go to an Apple Retail Store or get in touch with AppleCare for further assistance. “Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.”
So far those who have already had a passcode set on their devices appear to be safe from this hack, since Find My iPhone only lets users add passcodes if there wasn’t one set already. Like we mentioned yesterday, if you did not already set a passcode, you should probably do it now, because for all we know the hack could still be going on and you could be the next victim.