My devices have been hacked. What do I do?

Star Traveler wrote:

Make sure you use Apple's Two-Step Verification process, after you get your iOS device restored, too ...

http://support.apple.com/kb/ht5570

This won't help if someone gets/hacks your password. It just won't allow someone to access/manage the ID on apple. I wish there was someway Apple can devise an additional secure step for Find My Iphone. That would close this security hole.

Star Traveler wrote:

That's precisely what this prevents, you see ... :-) ...

You should post a link to web pages you copy word for word.

-> Frequently asked questions about two-step verification for Apple ID

frankksantoyo wrote:

I was in a local branch of the Social Security office here in Hollywood

...

Yes.

You don't need to repeat your story to every poster and in multiple threads.

Contact AppleID support and ask for Account security...

-> http://www.apple.com/support/appleid/contact/

Have you contact Apple's Account Security Team? Apple ID: Contacting Apple for help with Apple ID account security. What is the nature of your proof? The only proof they will accept is a receipt showing that you are the first owner (you did not buy it used).

fishklr1 wrote:

Now the devices state that they have been reported as lost and erased. Now the devices require this other persons ICloud info to get into. Apple has been shown proof that the devices belong to me, but they state that there is nothing they can do.

As far as I know, there is no way to remotely change the Apple ID used to register an iPhone or iPad. Sounds like what has actually happened is that your Apple ID has been hacked, modified and then used to lock your devices.

Apple has taken a very hard line on iOS device theft. Devices that have been locked by their associated Apple ID cannot be unlocked without the password for that Apple ID. Apple has also been bitten by lax security precautions in the past that allowed people to gain control of other people's Apple IDs by convincing an Apple tech to give them access. As a result, they have changed how they handle Apple IDs. Apple's increased security on these two fronts have been almost universally praised. Unfortunately, this increased security is not working in your favor at this moment.

Here's the problem... if a hacker gains control of your Apple ID for long enough, they can literally make it impossible for you to ever regain control of it. (This can only be done if you have not secured your Apple ID with two-factor authentication, and are using the substantially weaker security of "security questions." Further, the act of hacking your Apple ID requires something like a weak password or easily-guessed security questions, or an associated e-mail with those same flaws.) Once they've done this, they can then permanently disable your iOS devices.

It's understandable that you're upset by this. However, the Apple techs are being completely honest with you: there is nothing they can do. You are not the first to have this problem, and won't be the last.

This is why you need to pay close attention to security with regard to all your online accounts, and your Apple ID in particular. There would have been signs that your Apple ID was being hacked. You may not have recognized them as such, but certainly should have recognized that they were unusual, and should have acted quickly. I say this not to rub salt in the wound, but to point out that you need to be aware of these kinds of things with ALL online accounts in the future.

I'm in the States and have been keenly watching this develop overnight (over here).

I've read all the posts and thought 2 were of particular interest:

1. The person who is in Toronto but who had activated their device in Australia
2. The person affected who said they were in the UK (but did not say anything about any OZ/NZ connections

I don't have any particular theory at the moment but thought those two 'out of band' posts were intriguing as they probably break the "This is only happening to people using Australian/New Zealand ISPs" theory.

Foaming Draught wrote:

My wife and I haven't been hacked (in Australia, 2 iPhones, an iPad and an iPod). We have passcode set on our devices. Find my iDevice is on. We don't share Apple IDs. I've received phishing emails purporting to be from my mail provider, Fastmail, recently, but I think that's coincidental. I recognised them for what they were. My eBay password was (I write "was" because I changed it last week) different to my Apple ID password.
I've looked at my iCloud settings. The only major app which iCloud is disabled for is Mail. I use Thunderbird on my (Mac) desktops, my wife uses a web interface on hers.

I don't use a VPN.

I wonder if an app provider is the source? We don't have games on our devices.

This ramble is just to add to the detective data.

Follow the recovery mode instructions if you can't unlock your devices.

Follow these steps if you never synced your device with iTunes, if you don't have Find My iPhone set up, or if you can't get to your own computer. You'll need to put your device in recovery mode to erase the device and its passcode. Then you'll restore your device.

1. Disconnect all cables from your device.
2. Turn off your device.
3. Press and hold the Home button. While holding the Home button, connect your device to iTunes. If your device doesn't turn on automatically, turn it on.
4. Continue holding the Home button until you see the Connect to iTunes screen.
5. iTunes will alert you that it has detected a device in recovery mode. Click OK, then restore the device.

Apps are sandboxed from accessing your account details. Your account has been harvested in some way, how, we're trying to figure that out. Change your Apple ID password if you haven't already. Just a question, do you use the Apple ID email address and password with any other login account?

Instead of seeing it as the number or devices, see it as the number of Apple IDs and secure it using

• a strong & different password
• Two factor authentication
• Add atleast two trusted devices if you can. See if one of them is non-Apple. This diversifies your security.

You can then do the following housekeeping:

1. Add passcodes to individual devices.
2. Go to https://appleid.apple.com and strengthen your credentials.
3. Go to https://supportprofile.apple.com and ensure that only devices that are current are associated with you.

In order for you to stop lost mode from iCloud.com, the devices must be powered on and connected to the internet. I suggest you turn them back on so that they can get connected and then try to stop lost mode for them again.

Changing your password is a good idea but remember when you unlock your devices you must sign out of the Apple ID and sign back in again with your new password for the App and iTunes Stores, iCloud, iMessage and FaceTime.

Well, if you cannot get them out of the locked status, one thing you can do as a last resort is erase them and set them up again.

I hope you do have a backup from before the lock was put on the devices so you can recover your stuff by restoring from a backup after you have erased them.

You can always redownload apps, music, etc. bought from iTunes and resync contact, calendars, etc. from iCloud or from your computer.

I have the same problem, with the exact same message. Affecting both my iphone and ipad. Have reset passwords on all my applications (banking, email, social media etc) just in case.

I'll be visiting apple in the morning also.

I'm assuming there is going to be a lot of people affected by this hacking. I wonder if this is associated with the recent icloud hacking in the media:

http://www.nltimes.nl/2014/05/21/apple-icloud-hacked-dutch-gang/

I just connected my iPhone and it seems to be allowing me to back it up. So doing that now. At least if i need to erase it, i should be able to restore it from the back up later.

Still won't let me unlock it though.

Same issue. I'm also in Australia. My iPhone and iPad both don't have passcodes.

I have logged into iCloud and changed my password, I can see the hack message inside "Find my Phone" in iCloud.

I can see though that if I turn off Lost Mode the passcode the hacker set will still remain.

Has anyone called the police? It is a fraud attempt after all.