Q: My devices have been hacked. What do I do?

Thanks - I've forwarded this to my wife - hopefully it works for her...

It is very very unlikely that Apple has been hacked.

Someone will have got a list of emails and passwords from a hack of another very unsecure site in Australia, and tried them all up against iCloud.

Maybe 10% or 20% of people will have used the same email and password on both sites and this is how they got in to iCloud. The devices attached to the account were then set to lost in Find my iPhone, they played the alarm noise and used the send a message function to demand a ransom.

You should make sure you don't use the same passwords in more than one place.

got to iforgot.apple.com and enter you ID in this way

thanks.

It would be nice to think that Apple has not been hacked but there are a number of sites reporting that iTunes was susceptible to Man-in-the-Middle until 16May2014 (Not sure of date but this date is in some sources)

Apple blocked the exploit with a release of iTunes.

http://support.apple.com/kb/HT5030

There are a lot of links to the story - although there is a good chance that they all quote a couple of original stories.

http://gadgets.ndtv.com/mobiles/news/icloud-activation-lock-allegedly-bypassed-b y-doulci-hacker-team-528915

http://appleinsider.com/articles/14/05/21/hackers-claim-to-have-exploit-for-iclo ud-use-vulnerability-to-disable-activation-lock

The advice from TallPete is good - DO NOT use passwords in more than one place.

The paranoia in me suggests that, if an earlier version of iTunes is being used, then it should be updated BEFORE changing the Apple ID password.

Message was edited by: TheRealMoriarty

I'm in Melbourne & also received the same message on my IPad last night.I do have a passcode set up. so seemed to bypass the locking but I'm not sure what acction I shouldbe taking.

kkneufeld wrote:

 

But shouldn't they at least acknowledge it?

Not necessarily. For one, they probably don't have enough information yet to make any kind of intelligent comment at the moment, so making a comment would be a waste of their time and ours.

Secondly, this doesn't appear to be a breach of Apple's security. If it were, we wouldn't be seeing only Australians and New Zealanders getting this message. It would be affecting a broader spectrum of Apple's users. This means it must be a breach of some system local to Australia and New Zealand that has allowed hackers to capture Apple ID passwords.

It was a flash SMS which does not show up in your messaging app.

Chris, that doesn't explain why people are now locked out of their phones with passcodes. Flash SMS is just a kind of message, it can't lock your phone.

thomas_r. wrote:

 

kkneufeld wrote:

 

But shouldn't they at least acknowledge it?

 

Not necessarily. For one, they probably don't have enough information yet to make any kind of intelligent comment at the moment, so making a comment would be a waste of their time and ours.

 

Secondly, this doesn't appear to be a breach of Apple's security. If it were, we wouldn't be seeing only Australians and New Zealanders getting this message. It would be affecting a broader spectrum of Apple's users. This means it must be a breach of some system local to Australia and New Zealand that has allowed hackers to capture Apple ID passwords.

Noted.

I will just have to wait it out and hope for the best.

@lozzab22: Did you activate this iPhone with your Apple ID while you were in Australia?

I don't think it's passwords - or at least not just. We have  three iPhones at home, all on different accounts, all with strong passwords (all more than 12 characters, all with a mix of upper case, lower case, numbers, and punctuation, with no words or embedded leet-speak words) that aren't used on other sites. Two of them came up with this overnight, the third didn't. The only obvious difference is that (through sheer accident) the third had WiFi switched off at the time, and was thus accessing Apple via a different ISP - the mobile phone carrier.

Given this seems to be happening mainly in Australia / New Zealand I suspect a man-in-the-middle attack (a bit like the idoulCi hack) where someone has redirected Internet traffic from some ISP's in Australia/NZ to a server that's doing the nasty. :-( There's very little checking in many of the peering fabrics used by ISP's to transfer domestic traffic to each other, it would only take one ISP to be hacked and insert a route saying "Apple this way!" to a single peering fabric to steal 30%+  of customers in Aus/NZ.

That said, as we should in these circumstances we have changed passwords on all accounts to new strong random passwords, just in case someone has hacked Apple and retreived passwords.

Have you seen this >   http://viewnews.com.au/apple-devices-hacked-overnight-459402/

I didn't use the same passwords but was still hit.

I was in Sydney Apple Store at George street today at 11:00am with this issue (iphone 5 was without pass code, at night it was message that phone was hacked and pass lock installed). In the store they told me that first time listen about such issue and if I don't have itunes synced with my phone I can only reset it to factory default.... I was able to change Apple ID password, but unable to remove lock.... I synced my iphone with computer some time ago but after itunes update (and iphone ios update) they are unable to connect back. I have some family photos there which I don't wish to lost, but looks like companies who restore information unale to work with iphone 5...

i have restored my phone. unfortunately my last backup was 2012 so i have lost a lot of pics/vids/contacts. but atleast my phone is now functioning and i have reset all my passwords.

fwiw i didnt have the same apple password as ebay or my email

Interesting thread. We have eleven iDevices in our family. Three have had the same hack as under discussion. The three that have been hacked had the "keychain" option on iCloud enabled. All three (they belong to younger family members) were used regularly for popular games with "in app" purchasing. All three owners used the same password on multiple accounts, both Apple and Android. Android is notoriously insecure with its "permissions" being granted to all all manner of developers.  None of this might be relevant, but they seem possibly suspect to me.

All three have been restored sucessfully from iTunes backup and their passwords changed. None now have the keychain option selected.

I would love to know whether others use Android devices for the same mail accounts as on their Apple devices, or use iCloud (it's an easy thing to do) on Android.