
My devices have been hacked. What do I do?

I was using my iPad a short while ago when suddenly it locked itself, and was askiwhich I'd never previously set up. I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR (sent by PayPal to ****) to return them to me.


I have no idea how this has happened. I am not aware of having been exposed to malware or anything else, although I did recently purchase some new apps - perhaps one of these has something to do with it? I don't know. I am not sure what avenue has been used to reach my devices - I'm about to use my husband's laptop to check through some of my accounts (Gmail, etc.) and see if there is any clue there.


Has this happened to anyone else? What can or should I do? Many thanks

<Email Edited by Host>

iPhone 5

Posted on May 26, 2014 4:57 AM

Question marked as Top-ranking reply

Posted on May 26, 2014 5:48 AM

Hi Rojmer, thank you for your reply. I was pretty sure that whoever Oleg Pliss is, it's not really the name of the person who hacked my iDevices 🙂


I think that what you described is what happened - I have gone into iCloud and when I used the 'Find My iPhone' feature I did indeed see the message and that both the devices were locked. After a bit of research my husband suggested that I turn off 'lost mode' to see if that would restore functionality but this isn't working - each device says 'pending: stop lost mode' but are both still 'lost' despite being turned off before I tried to stop lost mode (if that makes sense).


I'm going to see about changing my iCloud password now, as well...

456 replies

May 27, 2014 12:20 AM in response to analogue cheese

It looks highly likely this is an email harvesting scam. Someone has hacked into an unsecured server, somewhere in Australia, copied email and password details, and just tried logging in to their iCloud service, and gotten lucky.


My advice to anyone who uses the same email and password as their Apple ID, on other sites, don't. If you do, then change it now.


Until the server in question is identified, then don't use identical email addresses and passwords on any services

May 27, 2014 12:29 AM in response to sas_legend

Apple can't help you if people use the same email and password across multiple web services, where your details can be hacked and used, which is what seems to have happened in these instances. Apple provide all the levels of security needed to protect a device. If people are too lazy to use them, who is at fault, really?


If you ignore the "set up secondary security details" Apple insist you do, you can't blame them for what happens if you don't. Like a seatbelt. If you don't use it and you crash, the consequences are hardly the car manufacturer's fault if you're badly injured.

May 27, 2014 12:44 AM in response to veritylikestea

Hi all, thanks for this thread, I had no idea what was going on when this first happened - I was using the phone at the time and it just locked on me and came up with that message. Luckily I had a passcode, so I changed all my passwords via computer and then restored my phone from iCloud backup.


I'm the person quoted in this article: http://www.news.com.au/technology/online/hackers-hold-apple-users-iphones-ipads-and-ipods-ransom-through-oleg-pliss-scam/story-fnjwnj25-1226933413412


My poss common denominators: I use gmail, Optus wifi modem with default (but really long) password - I tried changing it in the beginning and it didn't work so I just left it, and I use Netflix & Hulu Plus via unblock-us - I thought it was interesting someone mentioned that. Although other Netflix users I know didn't have their devices hacked.

May 27, 2014 12:55 AM in response to veritylikestea

No issue here, but I think it's important, AGAIN, to mention that for those who have two step authentication enabled for their Apple ID, the two steps procedure is not enabled to access icloud.com. At first view it makes sense, how would you be able to locate your device if you don't have the two steps code that only the device itself generates (that is, unless you have another iDevice), but hey, there's a recovery key that the owner can use, so where's the problem? And keep in mind that accessing icloud.com with no secondary code required allows hackers to access "find my iphone" without it!!! Not mentioning emails and the rest.


SO AGAIN, Apple! please do enable two factor authentication on ALL Apple websites, icloud.com and the others too. Thanks.

May 27, 2014 12:55 AM in response to Andrew J

Andrew J wrote:


It looks highly likely this is an email harvesting scam. Someone has hacked into an unsecured server, somewhere in Australia, copied email and password details, and just tried logging in to their iCloud service, and gotten lucky.


My advice to anyone who uses the same email and password as their Apple ID, on other sites, don't. If you do, then change it now.


Until the server in question is identified, then don't use identical email addresses and passwords on any services


It doesn't look like it.


A friend of mine was hacked and she is tech savvy enough not to fall for a scam and would remember if she had clicked any official emails. Also she claims to have had a very strong and unique password.


Our best guess is either she had a keylogger (but we searched and could not find a keylogger, unless it's very well hidden) or else there might have been some hack internally at Apple.


I'm thinking the latter is the case, perhaps there is a vulnerability where if you know the serial number of the device or something you can trigger Find my iPhone without knowing the iCloud username/password. This would explain why all of the phones are in the same region/country.

May 27, 2014 1:15 AM in response to abhibeckert

You misunderstand what I meant. A hacker has obviously hacked into a server that contains user emails and passwords. If these people use the same email and password for their iCloud account, this is where the hacker has gained access. I never mention phishing scams at all. Let's try and be specific here so we can get to the root of the problem. Thanks.

abhibeckert wrote:


Andrew J wrote:


It looks highly likely this is an email harvesting scam. Someone has hacked into an unsecured server, somewhere in Australia, copied email and password details, and just tried logging in to their iCloud service, and gotten lucky.


My advice to anyone who uses the same email and password as their Apple ID, on other sites, don't. If you do, then change it now.


Until the server in question is identified, then don't use identical email addresses and passwords on any services


It doesn't look like it.


A friend of mine was hacked and she is tech savvy enough not to fall for a scam and would remember if she had clicked any official emails. Also she claims to have had a very strong and unique password.


Our best guess is either she had a keylogger (but we searched and could not find a keylogger, unless it's very well hidden) or else there might have been some hack internally at Apple.


I'm thinking the latter is the case, perhaps there is a vulnerability where if you know the serial number of the device or something you can trigger Find my iPhone without knowing the iCloud username/password. This would explain why all of the phones are in the same region/country.

May 27, 2014 1:07 AM in response to Davefromhere

My iCloud password was unique - but very old. Email password I had used for a few different things, I had about 6 different passwords (probably considered moderately strong) that I used altogether, with more important things (banking, PayPal etc.) each unique. I'd say my email password was the most vulnerable having used it either currently or previously for other things such as social media.

May 27, 2014 1:14 AM in response to abhibeckert

abhibeckert wrote:


Andrew J wrote:


It looks highly likely this is an email harvesting scam. Someone has hacked into an unsecured server, somewhere in Australia, copied email and password details, and just tried logging in to their iCloud service, and gotten lucky.


My advice to anyone who uses the same email and password as their Apple ID, on other sites, don't. If you do, then change it now.


Until the server in question is identified, then don't use identical email addresses and passwords on any services


It doesn't look like it.


A friend of mine was hacked and she is tech savvy enough not to fall for a scam and would remember if she had clicked any official emails. Also she claims to have had a very strong and unique password.


Our best guess is either she had a keylogger (but we searched and could not find a keylogger, unless it's very well hidden) or else there might have been some hack internally at Apple.


I'm thinking the latter is the case, perhaps there is a vulnerability where if you know the serial number of the device or something you can trigger Find my iPhone without knowing the iCloud username/password. This would explain why all of the phones are in the same region/country.

It wouldn't be Apple servers, as they aren't localised, and highly secure. This points to a hacker who has gained access to an Australian server, which is why only Australian users are affected. The hacker has gained access to the iCloud accounts of some users and logged in, shut down their devices and sent a message of demand. The point is, Apple servers are so secure, that a punk asking for $100, is neither likely nor smart enough to hack into them. This is a local server that has gained access, and only people who may use the same email and password to log in, as their Apple ID.

May 27, 2014 1:24 AM in response to Andrew J

Andrew J wrote:


Tigerlily75 wrote:


Oh wait ----- the password was the same as eBay!! I didn't even click as I hardly ever use eBay, (but it was one I changed last night!).

Ok, that makes sense. eBay was hacked into just last week. This is the source. If you haven't already, change your Apple ID and add secondary security precautions.

Doesn't make sense. There were global breaches to eBay. The Apple thing is localised to Australia and New Zealand. Also people have said they don't have eBay and were still affected today.

May 27, 2014 1:29 AM in response to kkneufeld

kkneufeld wrote:


Andrew J wrote:


Tigerlily75 wrote:


Oh wait ----- the password was the same as eBay!! I didn't even click as I hardly ever use eBay, (but it was one I changed last night!).

Ok, that makes sense. eBay was hacked into just last week. This is the source. If you haven't already, change your Apple ID and add secondary security precautions.

Doesn't make sense. There were global breaches to eBay. The Apple thing is localised to Australia and New Zealand. Also people have said they don't have eBay and were still affected today.

eBay have localised servers. There was no detail on which eBay servers were hacked last week, but it was clear, user details were hacked in to. This is more plausible than some pimple faced punk somehow cracking Apple server encoding. More likely the hacker thought trying his scam outside the US was a safer bet.
