My email was compromised and then my icloud was compromised, I have 2fa enabled on my iCloud where I need to approve each login with a code that is generated on one of my devices. How can this be possible?
Usual path here is phishing for the two-factor authentication code, or access via a trusted telephone number, access by SIM cloning or some other compromise with your cellular provider, or a local security compromise.
But this all seems best discussed directly with Apple.
Contact Apple for help with Apple ID account security - Apple Support
unknownworry1 Said:
"My iCloud was compromised even though I have 2fa enabled?: My email was compromised and then my icloud was compromised, I have 2fa enabled on my iCloud where I need to approve each login with a code that is generated on one of my devices. How can this be possible?"
-------
Someone is Apparently has your credentials. So, Where to Go from here:
I. Verify your Devices:
Go Here: View or Remove your Associated Devices on a Mac or PC - Apple Support
Try "Deauthorize All" Button:
Note that you have to wait one year to deauthorize all devices at once. So, try using the "Deauthorize All" button.
II. Unexpected Mail:
With Security & Privacy being of High-Concern here, consider modifying your credentials, immediately. Pefroming the following is best at this point. So, Consider...
SIM cloning is not what you think it is, and has reportedly been used in these cases.
As this seemingly involved a two-factor breach, contact Apple Account Security.
Not useful here, but high-value wallets are best kept offline.
Most wallets for that matter, unless they’re being used for breach detection.
They cannot, unless they have a trusted device. What makes you think your iCloud was compromised?
A report of SIM swapping attacks arising at T-Mobile posted today:
Hi Muguy,
Yes I've read the above, but it doesn't explain how my iCloud could be accessed when I have 2fa enabled?
I understand if my email account and password is compromised but how can someone overcome the 2fa?
Regards,
J
I received an email stating so:
"Your Apple ID (********) was used to sign in to iCloud via a web browser.Date and Time: 25 December 2021, 8:44 am PST
If the information above looks familiar, you can ignore this message.If you have not signed in to iCloud recently and believe someone else may have accessed your account, go to Apple ID (https://appleid.apple.com) and change your password as soon as possible.Sincerely, Apple Support"
I had sensitive information stored in my icloud, the hacker was able to gain access to some crypto I was holding.
I have all the the trusted devices with me, I don't understand how this could have been by passed? I'm using Mac book pro laptop and and iphone 12
Hi MrHoffman,
Thank you for the reply. I was sleeping when it happened so I don't believe phishing could be an option.
I've heard of sim swapping, where the hacker takes full control, ie ports the phone number over. But in my instance, I have control over the sim card still, so it doesn't appear that I was sim swapped, but perhaps sim cloning is something different? Where the hacked could receive the text meant for my number while not taking full control over the number?
See the related article above.
My iCloud was compromised even though I have 2fa enabled?
