Q: My devices have been hacked. What do I do?

<Edited by Host>

Further news on this from my perspective... now I've had 2 separate password changes on iCloud also hacked. My last one was a super awesome big password. All passwords were solely used on iCloud, nowhere else.

Also I don't have a key logger. But some dude keeps finding and losing my phone. Grr.

1 iPhone + 2 iPads hit at 4am this morning (I'm in Sydney).

Went to Apple George St store - was there before doors opened. The tech guy said he wasn't aware of any hacking issue, but after he went "out the back" he came back & said one of their guys had been hit as well. So anyone visiting Apple George St after 9am today should tell them to ask their staff memebr who'd been hoit with it.

Anyway...

They asked for proof of purchase, which I didn't have on me. After some debating they agreed to fix it. They detached the devices from iCloud and iTunes, got me to change my Apple pwd, and told me to also change any email pwds associated with my Apple account BEFORE doing the restore. Yes, they had to set both phone + iPad back to factory settings and as I'm slack I've lost 3 monhs of stuff. Have just restored the iPad from iTunes and it worked. Now for the phone...

They also advised me to disable Find My iPhone on all devices until they know more about what's happened.

Telstra Bigpond for me.

The guys in the Apple Store yesterday said my device was pinged and messaged from an IP that started with 195.

In case it is of interest...

Both my iphone and ipad were hacked (luckily both are password protected, so I could get back in).

Both devices were purchased in the US, although I am currently in Australia and have been for the last six months.

While the password is pretty weak, I can't recall using this combo anywhere else (but I may have done so in the past).

I do not use ebay and my Paypal account has an entirely different (and much stronger password).

Our router is not set to the default password.

Iphone was hacked this morning.

I don't have internet at home. So, no modem / insecure home network.

I havent clicked on any links in emails from apple either.

Went to the Telstra shop this morning, it was all news to them. They sent me to the Apple shop. They didn't know anything either. Wanted me to wait around until someone was availble to look at it, but had to go to work. They wouldn't let me leave my phone and pick it up later. Which was annoying. Managed to the phone fixed using the icloud website. But, didn't have passcode set. So, couldn't unlock. Had to delete everything and backup. So annoying.

Ipad was fine until it found the network at work, then it was locked too. Luckly I had set a passcode, so was easier to get working again.

Great update gfox01, thank you for sharing.

When you say the password was weak, are you referring to your iTunes/iCloud account password, or the password of the iPhone/iPad? 

Suspicion is high that it's the iTunes/iCloud account password which is somehow being abused to perform this attack.

Thanks ScottM,

It's the iCloud password that was weak - I don't use iCloud / iTunes much, so I didn't bother coming up with anything difficult, I didn't think it was important - until now!

As far as I understand it if you've set a password to protect your devices you have nothing to worry about. Why would you not set a password for a device connected to the internet? Its just common sense.

One thing that I don't think has really been considered - if this is a money making scheme, it's a pretty lousy one.  As soon as you swipe the screen to try and unlock your phone (which I imagine is the first thing people do - especially if it's doing a **** good imitation of a fire alarm at 3:30am), the message with all the "pay me" details disappears, and you can't get it back!

Basically it's just a massive incovenience rather than a scam (unless they can install stuff on your phone?).

Anyway, our affected iPhone has been restored and is working just fine, and Find my iPhone has been disabled on all devices.

And another point I remembered is that that login is for the US iTunes store and was set up in the US (if that makes a difference). I use a different login for the Australian store.

It is not a pass word as such that people have not set - it is the 4 digit 'PassCode' to lock the screen.

It doesn't stop remote access - its function is to make the phone useless to a thief.

a feature of Find My iPhone is to be able to remotely lock the phone if you lose it - even if if there is no PassCode set.  It allows the holder of the iCloud Account to remotely apply a PassCode.

In this case the naughty people have put the owner in the position of thief and locked them out of their own phone.

Many people don't bother with a pass code for a number of reasons...  I'm guessing it will be more popular after today - along with 2 factor authentication.

That's also interesting, gfox01 - thanks.  So, without revealing anything sensitive, would you be willing to share where the email account is based for that iTunes/iCloud account (the one that had the weak password)?

Some people have @icloud.com/@mac.com addresses, but, Apple also lets you have secondary or "Alternate ID" as well as alternate email addresses.  As a result, you may actually sign in with an @gmail.com address, or something else entirely.

Many people don't bother with a pass code for a number of reasons...  I'm guessing it will be more popular after today - along with 2 factor authentication.

My wife used to scoff at me for passcoding my own phone - the only pleasure i got from faffing all morning today restoring her unprotected devices was the family sized serving of schadenfreude.  I've initiated the 2 factor authentication, too, that's for sure.

if it helps in identfying the cause, her AppleID password was weak, although I don't think she used it across other services (she hasn't got an ebay account, for eg).  Someone mentioned Telstra earlier too - Bigpond is our ISP.

Hopes this helps.

ScottM - the account we had hacked used @mac and @me addresses (one of each) only.