User profile for user: Mersorure
Mersorure Author
User level: Level 1
8 points

Compromised account

Few days ago i received an email that someone signed in to an unknown to me device using my account and that if it wasn't me i should change my password - which i did. Once i was signed in i requested a copy of all my data that you have and it said that once it's ready for download i would be notified by email.

2 days later I get another email that AGAIN my sign in was used on another unknown to me device. So once again i change my password today, I also enabled 2FA and read the article:

https://support.apple.com/en-us/HT204145

Which says that i should review my details, alt email addresses and rescue phone numbers - WHICH ARE NOWHERE TO BE FOUND UNDER MY ACCOUNT. There isn't even a section for that.

In the same article it says that i should change my security questions and it links to the below article

https://support.apple.com/en-us/HT201485

Which tells me that to change my security questions i should go to iforgot.apple.com

But instead of this page allowing me to change my security questions, it sends me verification codes to both my mobile and email address and in the end asks me to change my password, without giving me the option just to change my security questions!!


Oh and remember that copy of my data request? Well, "it couldn't be completed". Why? Well, we're not gonna give you any reason, we're just gonna tell you to contact apple support to find out why.


[Edited by Moderator]







Posted on Apr 10, 2021 12:19 AM

Reply
Question marked as Top-ranking reply
User profile for user: MrHoffman
MrHoffman
Community+ 2025
User level: Level 10
144,857 points

Posted on Apr 10, 2021 1:35 AM

Other than not getting an account dump... I don’t see anything here that’s unexpected, particularly if your account was phished and breached, and particularly if two-factor wasn’t enabled originally. You have to log into the Apple, which means you will need a verification code once two-factor authentication is enabled, and if you’ve been breached then the password change—all passwords, if icloud Keychain is in use—will need updates—is to be expected.


The appleid webpage shows the security-related info including two-factor status and the trusted telephone numbers as listed in the support article.


If the iforgot requires you to change your password and verify your login before allowing further access, that’s what you’re going to have to do.


Here’s the account security team contact info: Contact Apple for help with Apple ID account security - Apple Support


And I’d tend to wonder if the account dump is simply disabled until you are fully back in control of your Apple ID—that info would be useful to someone seeking to wrest control, too.


Apologies on my previous reply too. Sorting through venting—to use your word—can be confusing to me”sometimes.

View in context

Similar questions

3 replies
Question marked as Top-ranking reply
User profile for user: MrHoffman
MrHoffman
Community+ 2025
User level: Level 10
144,857 points

Apr 10, 2021 1:35 AM in response to Mersorure

Other than not getting an account dump... I don’t see anything here that’s unexpected, particularly if your account was phished and breached, and particularly if two-factor wasn’t enabled originally. You have to log into the Apple, which means you will need a verification code once two-factor authentication is enabled, and if you’ve been breached then the password change—all passwords, if icloud Keychain is in use—will need updates—is to be expected.


The appleid webpage shows the security-related info including two-factor status and the trusted telephone numbers as listed in the support article.


If the iforgot requires you to change your password and verify your login before allowing further access, that’s what you’re going to have to do.


Here’s the account security team contact info: Contact Apple for help with Apple ID account security - Apple Support


And I’d tend to wonder if the account dump is simply disabled until you are fully back in control of your Apple ID—that info would be useful to someone seeking to wrest control, too.


Apologies on my previous reply too. Sorting through venting—to use your word—can be confusing to me”sometimes.

Reply
User profile for user: MrHoffman
MrHoffman
Community+ 2025
User level: Level 10
144,857 points

Apr 10, 2021 12:35 AM in response to Mersorure

You probably got phished for your password on that first message—Apple doesn’t send those—and yes, getting phished is no fun and ends badly. If you clicked on a link in that mail message and logged in, that probably wasn’t the Apple website prompting for your credentials. As for your Apple ID, now you know why enabling two-factor has long been recommended; it gives one more last chance to maintain control of the Apple ID,


Here is part of working to repair this: If you think your Apple ID has been compromised - Apple Support


And for completeness, we’re other users like you, not folks that work for Apple.

Reply
User profile for user: Mersorure
Mersorure Author
User level: Level 1
8 points

Apr 10, 2021 12:59 AM in response to MrHoffman

Thanks for not reading the word i said and for posting the same article i posted. I clearly said info there is misleading or inaccurate.


Also, i changed my password via applied.apple.com and that's where I enabled 2fa.


Lastly i know this is a forum, i wanted to vent here rather than spend hours trying to find a way to contact apple support by email, just to be sent to some live chat in the end where no one understands anything.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Compromised account

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up