
My devices have been hacked. What do I do?

i was using my ipad a short while ago when suddenly it locked itself, and was askiwhich I'd never previously set up. I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR (sent by paypal to ****) to return them to me.


I have no idea how this has happened. I am not aware of having been exposed to malware or anything else, although i did recently purchase some new apps - perhaps one of these has something to do with it? I don't know. I am not sure what avenue has been used to reach my devices - I'm about to use my husband's laptop to check through some of my accounts (gmail, etc) and see if there is any clue there.


Has this happened to anyone else? What can or should I do? Many thanks

<Email Edited by Host>

iPhone 5

Posted on May 26, 2014 4:57 AM

Question marked as Top-ranking reply

Posted on May 26, 2014 5:48 AM

hi Rojmer, thank you for your reply. I was pretty sure that whoever Oleg Pliss is, it's not really the name of the person who hacked my iDevices 🙂


I think that what you described is what happened - I have gone into iCloud and when i used the 'find my iphone' feature i did indeed see the message and that both the devices were locked. After a bit of research my husband suggested that i turn off 'lost mode' to see if that would restore functionality but this isn't working - each device says 'pending: stop lost mode' but are both still 'lost' despite being turned off before i tried to stop lost mode (if that makes sense).


I'm going to see about changing my icloud password now, as well...

456 replies

May 26, 2014 9:54 PM in response to veritylikestea

I got this email at the end of March:





Hello,


The following information for your Apple ID was updated


Shipping and/or billing address
Credit card
If these changes were made in error, or if you believe an unauthorized person accessed your account, please reset your account password immediately by going to apple login.


To review and update your security settings, sign in to login.apple.com


This is an automated message. Please do not reply to this email. If you need additional help, please visit Apple Support.


Thanks,
Apple Customer Support


None of this was updated so I ignored it. I wonder if people got this and this is how their details were taken? I have not been hacked. I am in Australia. The email address this was sent to was ######@finder.net.au. This is not my email address yet somehow I got it. The sender address was appleid@news.apple.com. These are also reasons I ignored it.

May 26, 2014 9:52 PM in response to tallPete

I have just realised that the devices belong to my family have another common factor. They were the only ones that use Netflix accessed via an "unblock-us.com" account. That means that they were all linked to the same VPN server. Whatever the common factor is it appears to be Aus/NZ centric. If not an ISP - unlikely - possibly a common server could be a part of the issue.

May 26, 2014 9:56 PM in response to veritylikestea

Regarding the iphone ransom hack I think this can be done just by hacking the password for the icloud login. Given that many people use the same passwords across sites and given the number of recently compromised sites such as ebay this is not that hard to get passwords. Luckily I haven't been hacked. However I have 2fa on for my apple id which I thought should protect me, but an icloud web login doesn't ask for the 2fa which is just ridiculous. Once in you can set the phone to lost and demand the ransom with a message.

For now I've turned off find my iphone on all devices.


APPLE WHY DOES 2FA not apply to an icloud.com login?

May 26, 2014 9:57 PM in response to marumurak

"I got this email at the end of March:

...

None of this was updated so I ignored it. I wonder if people got this and this is how their details were taken? I have not been hacked."

Yes it is one way of getting hacked.

The link in your email does not go to login.apple.com.

It goes to a bogus website designed to look like Apple website.

May 26, 2014 10:00 PM in response to veritylikestea

1 iPhone + 2 iPads hit at 4am this morning (I'm in Sydney).


Went to Apple George St store - was there before doors opened. The tech guy said he wasn't aware of any hacking issue, but after he went "out the back" he came back & said one of their guys had been hit as well. So anyone visiting Apple George St after 9am today should tell them to ask their staff member who'd been hit with it.


Anyway...


They asked for proof of purchase, which I didn't have on me. After some debating they agreed to fix it. They detached the devices from iCloud and iTunes, got me to change my Apple pwd, and told me to also change any email pwds associated with my Apple account BEFORE doing the restore. Yes, they had to set both phone + iPad back to factory settings and as I'm slack I've lost 3 months of stuff. Have just restored the iPad from iTunes and it worked. Now for the phone...


They also advised me to disable Find My iPhone on all devices until they know more about what's happened.

May 26, 2014 11:21 PM in response to veritylikestea

In case it is of interest...


Both my iphone and ipad were hacked (luckily both are password protected, so I could get back in).


Both devices were purchased in the US, although I am currently in Australia and have been for the last six months.


While the password is pretty weak, I can't recall using this combo anywhere else (but I may have done so in the past).


I do not use ebay and my Paypal account has an entirely different (and much stronger) password.


Our router is not set to the default password.

May 26, 2014 11:23 PM in response to veritylikestea

Iphone was hacked this morning.


I don't have internet at home. So, no modem / insecure home network.


I haven't clicked on any links in emails from apple either.


Went to the Telstra shop this morning, it was all news to them. They sent me to the Apple shop. They didn't know anything either. Wanted me to wait around until someone was available to look at it, but had to go to work. They wouldn't let me leave my phone and pick it up later. Which was annoying. Managed to get the phone fixed using the icloud website. But, didn't have passcode set. So, couldn't unlock. Had to delete everything and backup. So annoying.


Ipad was fine until it found the network at work, then it was locked too. Luckily I had set a passcode, so was easier to get working again.

May 26, 2014 11:30 PM in response to veritylikestea

One thing that I don't think has really been considered - if this is a money making scheme, it's a pretty lousy one. As soon as you swipe the screen to try and unlock your phone (which I imagine is the first thing people do - especially if it's doing a **** good imitation of a fire alarm at 3:30am), the message with all the "pay me" details disappears, and you can't get it back!


Basically it's just a massive inconvenience rather than a scam (unless they can install stuff on your phone?).


Anyway, our affected iPhone has been restored and is working just fine, and Find my iPhone has been disabled on all devices.

May 26, 2014 11:40 PM in response to steve3b7

It is not a pass word as such that people have not set - it is the 4 digit 'PassCode' to lock the screen.


It doesn't stop remote access - its function is to make the phone useless to a thief.


A feature of Find My iPhone is to be able to remotely lock the phone if you lose it - even if there is no PassCode set. It allows the holder of the iCloud Account to remotely apply a PassCode.


In this case the naughty people have put the owner in the position of thief and locked them out of their own phone.


Many people don't bother with a pass code for a number of reasons... I'm guessing it will be more popular after today - along with 2 factor authentication.

May 26, 2014 11:44 PM in response to gfox01

That's also interesting, gfox01 - thanks. So, without revealing anything sensitive, would you be willing to share where the email account is based for that iTunes/iCloud account (the one that had the weak password)?


Some people have @icloud.com/@mac.com addresses, but, Apple also lets you have secondary or "Alternate ID" as well as alternate email addresses. As a result, you may actually sign in with an @gmail.com address, or something else entirely.

May 26, 2014 11:49 PM in response to TheRealMoriarty

"Many people don't bother with a pass code for a number of reasons... I'm guessing it will be more popular after today - along with 2 factor authentication."

My wife used to scoff at me for passcoding my own phone - the only pleasure i got from faffing all morning today restoring her unprotected devices was the family sized serving of schadenfreude. I've initiated the 2 factor authentication, too, that's for sure.


If it helps in identifying the cause, her AppleID password was weak, although I don't think she used it across other services (she hasn't got an ebay account, for eg). Someone mentioned Telstra earlier too - Bigpond is our ISP.


Hope this helps.
