User profile for user: mypostneedsattentionNOW
mypostneedsattentionNOW Author
User level: Level 1
14 points

Stolen IPHONE - iCloud Account Compromised and Locked by Thief

Hello Apple Community -


I'm writing this message because I need this to be brought to Apple's attention immediately. This is a cry for help - as my personal information and security is at risk.


Friday night my phone was stolen, and by the time I was able to log onto my computer to check Find My iPhone, the thief had accessed my iCloud, changed the password to my account, and began their tirade of transferring bank funds, making purchases with my Apple Pay, etc. They now have access to all of my data, pictures, texts, contacts, passwords.


The thieves were smart - once they logged into my iCloud and changed the password, they activated a Recovery Key (a 28 character key used to unlock an iCloud account with a forgotten password). A smart idea by Apple, however, this being used by thieves to make sure their victim cannot access their iCloud account.


It looks like the trusted phone number on my stolen iCloud is still my current phone number (which I have not changed). Because my stolen iCloud account is still active, I'm worried that any new texts being sent to my phone number are also being received by the stolen iCloud account. Previously, I had send and receive iMessages being routed to both my phone number and my stolen iCloud account.




On top of this, even though my stolen iCloud account has my phone number as the trusted number, I can't recover my account because of this stupid recovery key. Also, having recovery key enabled disables the ability for Account Recovery, so that isn't an option.


I know sophisticated hackers are out there, and you'd be a fool to think there isn't sophisticated software coming out to crack into locked phones. All I'm asking is for someone at Apple to provide answers. I've spoken with countless Apple Advisors and spent hours trying to combat this for my own personal safety, but I haven't gotten clear information.


I also wanted to add: I have an iPad that was a trusted device on my stolen iCloud account and it was logged into the iCloud prior to being stolen. Now, I can't sign out of my iPad's iCloud account - meaning, the thief has access to my iPad's location at all times as long as the device is on. I can't hard reset the iPad because it requires the password to my iCloud account, which I DONT HAVE.


All I want to know is:


1) Can the hacker still see iMessages directed to my phone number on my stolen iCloud account?


2) Given my phone number is the trusted phone number for this stolen account, can't something be done (a case being escalated, SOMETHING) so that I have a chance at getting my information back?



Any help / discussion is greatly appreciated. Thank you. Please lets get this in front of the higher ups at Apple because this is a genuine safety and privacy concern for all of Apple's consumers.


God Bless.


iPhone 13 Pro

Posted on May 29, 2023 5:33 PM

Reply
Question marked as Best reply
User profile for user: S2000_Racing
S2000_Racing
User level: Level 1
24 points

Posted on Oct 31, 2023 12:27 PM

There are quite a few that’s right off the top of my head:


  1. Security questions as someone aforementioned.
  2. Automated camera feed verification. 2D with ID or leverage Apples Face ID technology and hardware that’s already available.
  3. Some human review of login patterns and escalation path. Apple sells their devices for thousands of dollars and only small percentage of users would have to go through this horrible situation, so don’t tell me this is not economical for Apple. Sounds like Apple decided to cut cost on this front because it’s not something that will hurt their PR. Well, if enough users go to social media exposing this severely flawed system maybe they’ll finally invest <1% of their revenue on a better system.
View in context

Similar questions

21 replies
User profile for user: MrHoffman
MrHoffman
Community+ 2024
User level: Level 10
118,507 points

May 29, 2023 7:54 PM in response to mypostneedsattentionNOW

mypostneedsattentionNOW wrote:

Thanks MrHoffman,

I’ll use your link and continue to try and get a hold of my AppleID, but the problem is that the thief used a Recovery Key and without this the account is virtually unrecoverable at this point. I wish there was some sort of escalation process with this sort of situation. I just hope this thread eventually gets into the hands/eyes of someone with the power to make a change to this.


There is a reason I pointed you at that link. Use the specified link and try to get this sorted with Apple. But with that recovery key already generated, you're likely permanently locked out of everything, and will be starting over with a new Apple ID.

Reply
User profile for user: tking664
tking664
User level: Level 1
8 points

Sep 8, 2023 2:55 PM in response to MrHoffman

Expert thieves have ways to bypass an iPhone passcode, and once they do that, they can access your email accounts and change all your account info. In the event that happens, and the rightful iCloud account holder is locked out of his/her own email accounts (of which the passwords have already been changed by said thief) and doesn’t have a device to do 2FA, then how are we supposed to login to iCloud?


Once they gained control of my iCloud, they created the 28 digit recovery key which further prevents me from ever accessing my account. This is a flawed system. As an alternative to this 28 digit recovery key, there should be a series of personalized questions asked to the rightful account holder (which should be established as soon as an iCloud acct is first created) in the event that the recovery key is not found. This is my idea of an easy fix for Apple security to prevent their clients from being permanently locked out of their accounts

Reply
User profile for user: MrHoffman
MrHoffman
Community+ 2024
User level: Level 10
118,507 points

Oct 27, 2023 1:52 PM in response to S2000_Racing

S2000_Racing wrote:

I desperately need help, if anyone has any tips I would very much appreciate it.


And you could well be a scammer seeking to access the account too, for all I know. No one here has a way to determine if you’re being truthful or not. I expect some of the “forgot my Apple ID and password” discussions are folks trying to access a found or stolen iPhone, for instance. You’ll need to continue to discuss this matter with Apple. Or switch to a different Apple ID. A compromised Apple ID is not and never has been anything other than a mess.

Reply
User profile for user: S2000_Racing
S2000_Racing
User level: Level 1
24 points

Oct 27, 2023 5:14 PM in response to MrHoffman

Yes agreed, I could very well be a scammer trying to rob of someone’s account. There should be better verification options such as in person with ID verification, or at least video call options with ID verification, much like what a lot of government agency websites use. Apple’s method is very flawed, you completely lose your identity if someone has your device and simple 6 digit passcode.


I have recovered both my phone number and email accounts associated with my Apple ID for over 2 weeks, and each time used verification codes sent for password reset, I don’t understand the logic of resetting this 14 day waiting period everytime the robbers log in to my robbed phone. This seems to me like it’s only an automated system without human review.


If Apple conducts human review it’ll be obvious to see abnormal patterns of how the robbers are using my taken iPhone and Apple account - disabled find my phone, logged in only periodically to try to reset pass word on my various bank apps. All inconsistent with a normal user behavior.

Reply
User profile for user: Compromised77
Compromised77
User level: Level 1
8 points

Jan 26, 2024 3:51 AM in response to mypostneedsattentionNOW

I can identify with this story 100%. within hours of the stolen iPhone, the thief changed my Apple ID password and took full control of the phone. Issues of mark as lost, Find my phone etc were promptly disabled. Apple says to go to iforgot.apple.com and change the password immediately but once there you begin a recovery.


Iphone suspects you more than the thief going by the recovery questions subjected to me, the real owner. The trusted gadget to send code is meanwhile still with the thief hence apple will use other means/numbers to verify your claim.


The recovery period is days away depending on the information given. Meanwhile, the thief will have reached the credit cards, mobile money and done the damage. IPhone developers have to have a personalised security question that will make it hard for the thief to have a field day as is currently the case.


I lost my phone a week ago and I am yet to have access to my iPhone ID. Sad!

Reply

Stolen IPHONE - iCloud Account Compromised and Locked by Thief

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up