How to prevent hacking

I actually didn't go far enough with these steps.

You also have to assume your ex may have installed a keylogger or other malware on your Mac. It will be a complete waste of time to do all of the above if the first time you type in the new ID and password from the Mac, it gets passed onto him.

So, to add to the misery of a severe cleaning. Go through the steps of backing up your phone's personal data. The images and videos now MUST be copied to another drive since you're also going to be wiping your Mac.

On the Mac (assuming you have all of the same contacts there as on your phone), open Contacts. Select all names. Right click anywhere in the list and choose Export vCard. Save the file to the desktop. Make sure to copy that file somewhere off the computer's main drive so you can get back at it later. The same place as your stored iPhone images is good.

Make all other necessary manual backups from the Mac. Your emails, word processing documents, etc. Time Machine is useless here. You can't restore that for the same reason you can't restore your iPhone's backup. You'll just put any possible malware back.

Once you're certain all personal data has been backed up, restart the Mac and hold down the Command+R keys. When the work screen appears, go to the top menu and run Disk Utility. Choose your Mac's main drive at the left and choose to erase it.

With the drive now wiped, close Disk Utility. From the work screen, reinstall the OS. Once done, you'll eventually end up back at the Mac's desktop as if it's a new Mac.

The tedium continues as you restore all of your personal data manually from the backups you made. Again, DO NOT merge in a Time Machine backup. Reinstall all third party software only from the original disks, or purchased downloads.

Now create your new email address, followed by your new Apple ID and password linked to that new email account. If there was a keylogger or other method your ex could have possibly been using to watch your actions, they're gone now.

No, this is not fun. But wiping everything is the only way to ensure you've removed all possible means of seeing or capturing what you're doing.

When you restore the Contacts list on your Mac by importing the vCards you saved, there's a really easy way to get them back on your iPhone. Email the saved contacts file to yourself. Double tap the file on the iPhone. It will ask if you want to import all contacts. Say yes. Done.

Kurt Lang wrote:

Something that hasn't yet been mentioned.

You should be getting the police involved. Stalking is a crime. Hacking is a federal crime with major consequences. If you haven't started yet, don't erase anything. Let the police and/or FBI see what type of tracking software may be installed. It's the proof they would need to prosecute.

Totally. If your ex is doing even half of what they claim to be doing, this is a matter for the Police.

It may even work to evidence what they are actually doing to get the data. Likely as Mr. Hoffman points out they have access to an email or other verification method for the iCloud account.

Sydny92 wrote:

. Listen, all I need to know is if there is anything else I can do to protect my account before I just delete it all.

I don't know. You are asking if there's a way to protect an iCloud account from a mysterious hacking mechanism nobody knows about? How would anybody offer any advice about how to protect an account, if we have no idea what is being done to breach it.

Also, have you considered perhaps that he is lying, and your ex got the information some other way? And he's just trying to get in your head, and cause grief to you?

Otherwise, what you are saying is, Apple's iCloud server, one of the most secure services in the world as proven by many specialists publicly, and which to date has not been shown to have been breached in any way in any public media, is somehow hackable for $15 and nobody knows about this and has made it public? One of the most prominent companies in the world, and nobody has chosen to make this public if only for 15 minutes of fame?

2-Factor Authentication, makes the account as secure as it possibly can be.

This is not to say other accounts like social media are as secure. And also depending on your settings for your social media accounts, people may or may not be able to see what you post on their without actually being friends with you, or having been added by you.

Quite honestly, I don’t buy the Mobistealth statements. It’s marketing from them. Any company easily found of the web offering monitoring software that makes “the net” (from 1995 btw) seem real and genuine is pure BS. If Mobistealth could actually do what they say in that MotherBoard article claims, they’d have been sued out of existence years ago. Mobistealth is not some Uber stealth spyware - they advertise on PCWorld for crying out loud. They offer device and activity monitoring software, but in no more secretive stance than any of the other publicly advertised company’s offering such services.

I do not believe for one minute they can do anything without full user credentials for any device or web site they can monitor or access. And of course, if your full user credentials are known to people, then obviously your online accounts and/or devices may be compromised. But there is no mythical “dark web” hacking going on there.

The whole “dark web” thing just irks me - its crap - its nothing new or novel, going back to the days of dial-up BBS systems. It’s not new, it is not novel, it is not magical or mystical and its really not even all that secretive. It is impossible to shut down because it is global and thus beyond the bounds of any conventional law enforcement system. But it is a known and knowable entity, and most of what passes on it is information stolen by very conventional means - major web site hacks (Sony, Banks, Credit bureaus, Department stores - all the hacks we see week after week in the mainstream news) or stolen from peoples own unprotected or poorly protected electronic devices.

You wrote -

I do not believe for one minute they can do anything without full user credentials for any device or web site they can monitor or access. And of course, if your full user credentials are known to people, then obviously your online accounts and/or devices may be compromised. But there is no mythical “dark web” hacking going on there.

If op reveals all his credentials then it is possible to view the account , from the server end the securities are tightened and they can't control or enter through network , they must change all credentials hard reset internet service provider router , air port express if it is used , if any malicious software is installed straight away erase the hard drive and don't ever reveal your mail address to such persons who try to misuse the identity .

Start by reading this article:

If you think your Apple ID has been compromised - Apple Support

Enable Two-Factor Authentication:

Two-factor authentication for Apple ID - Apple Support

Note that once you've had 2FA enabled for more than 14 days, you cannot disable it.

You may want to change your password to a strong password that is not easy to guess by someone who knows you well.

You can even rename your AppleID to a new ID that it not easy to guess by your Ex. But it would quire a lot of work on your part. Does your EX have access to any of your trusted devices for 2FA?

I'd never heard of it, either. But according to Mr. Hoffman, it's possible. Given how much he knows about servers, I trust his findings. The link is a bit old (2017 and referring to iOS 10), but it's the general gist. That prompted me to look up more information on the subject. Interesting, and disturbing. Though it does still require knowing the Apple ID and password of the person you want to spy on.

His comments from another, similar topic.

What’s available now for stalking largely works by accessing iCloud backups, and that path avoids the need to install an app, and also avoids the need to jailbreak the device. There’s a lot of information stored in those backups.

Avoiding this access is part of why a separare Apple ID is involved.

Though there are cases where changing the Apple ID utilized will bring down the wrath of the stalker.

This is part of why a discussion with a lawyer can be useful, as the lawyers dealing with cases seemingly similar to this one can and usually do have some experience dealing with stalkers and stalkerware.

Related reading: https://motherboard.vice.com/en_us/article/4xpgnj/paranoid-spouses-can-spy-on-partners-ios-10-devices-with-icloud-backups

Sydny92 wrote:

My ex is hacking into my iCloud through the black market.

This statement does not make sense.

The black market sells illegal or gray area items, it does not hack accounts. That's why its a market.

Somehow through the dark web he is getting in and downloading all of my photos and is able to get into my social media accounts.

The Dark Web, is just a series of unlisted websites. The most he could be doing is securing the services of some hacker there, but unless he was willing to pay top dollar, for it, I doubt any hackers would be interested in hacking someones iCloud account.

On its own, the dark web is nothing more than a collection of unlisted websites that offer many different things, legal and illegal. Unlike how its portrayed in the movies, unless you are quite knowledgeable, its very unlikely you would even find anything relevant to hack into icloud accounts.

I need to know how to stop this ASAP

Since you have not provided any details that may help ascertain what if anything he may be doing to gain access to your accounts, its impossible for us to offer any solutions whatsoever.

Perhaps if you take a deep breath, step back and explain exactly what is happening and what leads you to believe he is in any way hacking your accounts we can help you out in stopping it.

Explain what you are seeing exactly, what is happening and why you think its him. The more details you provide the better we can help you.

Kurt Lang wrote:

That's the "hack", so to speak. Illegal software that is copied directly to Apple's server in the target account.

As far as I know that's not possible. There is no actual way to have running software on Apple's server inside a user account. More so, running software, and Apple not immediately knowing about it if its on their own server.

Kurt Lang wrote:

1. It doesn't take the black market to hack into an iCloud account. Only knowing your iCloud ID and password.

Then its not hacking, its simply accessing the account. However that would generate an email that would alert of such an event, if its being accessed from a device or computer that was not previously used to access it.

Once there, spyware can be installed to the account that can track everything you do.

Hmm, no. How would than even work? You can't install spyware on an online account. You can install spyware n a computer or jailbroken device, but not on the actual account.

Use iTunes to copy all music on your iPhone to your Mac. This may not help since they're tied to your current account.

That only works for items purchased from iTunes, that do not already exist on the iTunes library on the computer.

Everything else, is right if the objective is creating an entirely new account.

.

Then its not hacking, its simply accessing the account. … Hmm, no. How would than even work?

That's the "hack", so to speak. Illegal software that is copied directly to Apple's server in the target account. Once there, the person who placed it can keep track of all of that account's activity.

That only works for items purchased from iTunes, that do not already exist on the iTunes library on the computer.

Thanks. That's why I kind of left that one up in the air as "I'm not sure." I've never purchased anything via iTunes, and likely never will.

Sydny92 wrote:

Listen, all I need to know is if there is anything else I can do to protect my account before I just delete it all.

Did you read the links I provided?