How to recover hacked Apple Account?

Hi. I was in a very similar situation this weekend.

I have a old account that I forgot I had with a very stupid password.. I'm not that person anymore ahah.

I've received a email from apple saying that my billing information was changed.

I can't say for sure if the security questions were changed or I can't remember that, but still I was not able to retrieve them. And was not able to login to apple account (web) because I didn't have the answers ( I was also not able to change them, "not enough information")

Still if the hacker did not added a a phone as double factor authentication you may still be able to retrieve control of your account.

Apple Support was no help at all because they said the only way to get control of the account was to setup double factor authentication, at 1st was not able to do it because the region was changed to mainland China and I don't have any Chinese number ..

The call was ended with the woman saying the account was lost forever...

I was not happy with my email and information to be in the wrong hands.. with 4days searching for a way to solve it i managed to do the following.

Reseted your password via your email. (Immediately after receiving the apple email)

Using an iPhone from someone else I logged in to media and purchases apple account.. (all in Chinese now, I had to use google translator)

Navigate to region tab and select my country. (Not easy at all since it was on Chinese)

You will need to setup payment information (please use a virtual credit card and cancel it after it, to be sure the hacker can't get any useful of it)

I entered all fake info (street address, postal code, city)...

I was able it to change the region to my country of origin

After that I logged out and logged in again and when I was asked to activate the 2f authentication I entered my phone number and managed to get access to the account again.

I went to privacy.apple.com and submitted the account for permanent delection.

I'm sorry for my English, hope this can help someonelse

My account was hacked with similar issue. I am able to recover and delete my account. Below are the steps.

These steps work if you have access to the email and able to change the password.

You can login to Apple account but not able to continue beyond the security questions screen.

Use an iPhone (This process did not work on Mac, it worked only on iPhone)

Go to Settings

Go to Apps

Go to Mail

Tap Mail Accounts

Add Account -> iCloud

Enter your compromised account Email & Password

It will prompt to setup 2 factor authentication using the phone number of the iPhone

Go ahead and setup 2 factor authentication

It will login successfully, setup 2 factor auth and add the Mail account.

Once above is finished and 2 factor is setup using your phone number; you have full access to the account.

Below two are useful links if you want to delete the account after you have full access with 2 factor auth.

If you think your Apple Account has been compromised - Apple Support

How to delete your Apple Account - Apple Support

The recovery you read about is for accounts who have two factor authentication security. Since you use security questions you do not have this type of security and cannot use its account recovery process.

Instead do you have a device still signed in to the same Apple ID and can you turn on two factor authentication following Two-factor authentication for Apple ID - Apple Support ?

Unfortunately that means you are out of luck. Apple is strict with their account security and the use is in full control of their Apple ID only.

Your option now is to submit proof of ownership of the phone to Apple to request they remove the Apple ID from the phone do you can start as new Apple ID. How to remove Activation Lock - Apple Support

yuricrona wrote:

Same issue with same security question language. +1

Confirm your trusted devices and trusted telephone numbers are correct for your Apple ID at https://appleid.apple.com/ and then enable two-factor authentication, if that was not already enabled, as enabling that (after two weeks) eliminates the security questions.

I’d also change the Apple ID password, and other passwords, as this Apple ID has been compromised.

If you think your Apple ID has been compromised - Apple Support

Password compromises and phishing and weak passwords are fairly commonly exposed unfortunately, and two-factor authentication provides one last chance to block account access.

If you can’t change your password and can’t enable two-factor authentication, you’ve lost control of this Apple ID, you’re headed for another Apple ID.

If this Apple ID was ever yours, of course. Folks making these reports can be miscreants seeking to gain access to somebody else’s Apple ID, and nobody here can tell if this request is legitimate, or if this is another example of social engineering. Which is also why not having two-factor enabled and then losing control ends badly.

I have exactly the same problem, same chinese hacker script kiddie that have replaced the security questions and all other things on the account EXCEPT the email address, so I still get all the "Information has been updated" emails and I can each time do a (successful) password reset. Then the next day the hacker re-runs the script and so on. This loop has happened at least 10-15 times the last month for me.

OBVIOUSLY Apple could see that this is a hack if they just looked at the account change history. But their support can't access this info and I get why - it wouldn't be good if low/mid-level support guys (of which I'm sure there are thousands at Apples org) can get bribed to reset security questions for example on random accounts.

So I'm not arguing that support should be able to fix it, but I AM arguing that Apple as a big company could at least have the same level of hack detection capabilities as banks or other important sites have i.e. internally automatically flag suspected hack attempts - like someone logging in and within 3 minutes have changed ALL items of information in an account.

They could even make it completely automatic like they have with disabling 2FA - like insert a 2 week latency period on all major changes like replacing security questions and not just with disabling 2FA.

I found a bug in the iforgot.apple.com flow as well, my account was actually created before the security questions were added to the apple accounts, and the iforgot flow doesn't understand this - so if you click "Reset Security Questions" you go to a screen where it says you first have to answer the *original* security questions used when the account was created. But if there were none to start with, the iforget flow now incorrectly lists the NEW security questions (in Chinese) as the "original" ones so there is no chance to answer them.

The bug fix in the iforget flow for these older accounts should be to simply allow a security question reset if you own the email address used when you created the account. Then you could login and setup 2FA. It can't be worse than before, as the account never had either 2FA or security questions to start with, it only had email authentification, so letting people do this wouldn't degrade the security protocols for anybody else.

Unfortunately that means you are out of luck. Apple is strict with their account security and the use is in full control of their Apple ID only.

Your option now is to submit proof of ownership of the phone to Apple to request they remove the Apple ID from the phone do you can start as new Apple ID. How to remove Activation Lock - Apple Support

stolen-account wrote:

I have the same problem, the security question is changed to chinese language. My request was to delete the account and apple support wasn't able to help me here. Now that it is happening with many people, Apple should do something about it. This is the least I can expect from Apple :/

I’d not expect much help accessing an account that is effectively if not fundamentally not mine. Apple needs to differentiate me from somebody trying to socially engineer (***) access into (their?) (my?) account. Identity which isn’t always easy to determine, particularly after a catastrophic security breach, and given some folks routinely try to talk their way into to others’ accounts.

If this Apple Account take-over follows the usual pattern, the person that created the Apple Account chose to not enable two-factor authentication or another security mechanism, and either chose to re-use a password, or got phished. Which too often then leads to easier account take-over.

In addition to those features, Apple also provides password security recommendations, which will flag many compromised and problematic passwords, for those people that use Keychain.

At best, enabling two-factor authentication might wrest control back here, but more than likely this account is gone to its new owner and a new Apple Account needed, and the devices will need their purchase receipts to transfer to the new Apple Account. Yes, this is a huge mess.

For those reading this thread that do not already have two-factor authentication enabled, or that are re-using passwords, or both, please go fix that right now. Gaining control over these accounts (using credential stuffing, or using phishing) can be all too easy! And these take-overs are entirely automated! This automation is why “it is happening with many people”, too!

Mine was an old account that I think I had created for apple.com but it is old enough that it was not my Apple ID login. Most likely I had created it prior to having an Apple device over a decade ago. Ironically I am logged in with it to make this post. I was able to change the password but the security questions seem to be in Japanese according to Apple Translate so I can't get access to my account info. The security questions didn't exist when I had created the account for the Apple website. I am going to make sure I review all of my passwords for every site I have a login to make sure they are updated to a more secure password even on old accounts (of course turn on 2FA). This particular one was probably an easy one to hack. I wasn't using the account but I would like to see what info I had in it.

Ask Apple Support to disable your account. Thats all they can do but it won't be deleted

It’s not Apple being stubborn nor not helping just because you don’t agree with it. It’s their literal security and privacy position so they offer what options and steps are available.

Security and your Apple ID - Apple Support

Privacy - Apple

Same here, no apple device, just feeling uncomfortable with someone using my account wrongfully. Hope you didn't have any credit card connected with it or no cloud information on there. Have you received any invoices or mails about other actions with your account?

Mine was hacked by chinese people so that I cannot even try to answer the questions xD

Thanks for your response. I dont have any apple devices active, simply received emails about the change of password, security questions and date of birth this morning all within one minute.

What could be the worst thing to happen in this case? Apple support says there's nothing I can do to stop this person from accessing or using my private information which is quite disturbing. Hopefully they won't do no harm anymore.