Q: My devices have been hacked. What do I do?

Tigerlily75 wrote:

 

No, I'm very protective of it, but that said I was also a bit slack in that a) it was very old - same password for years, and b) as stated earlier it was the same password I'd used for eBay which I didn't even realize until today.

I think you may be on to something there. I had the ebay issue as well, and had the same password.

Tigerlily75 wrote:

 

No, I'm very protective of it, but that said I was also a bit slack in that a) it was very old - same password for years, and b) as stated earlier it was the same password I'd used for eBay which I didn't even realize until today.

It may or may not be relevent, but by narrowing down all the possiblities, we can find the cause, and end this sooner rather than later.

As far as she knows, my wife did not sign up for Ebay....

For those collecting common threads. I am in Australia, I don't use Testra (I use Optus for phone and TPG for internet). I never use a VPN. I have never used Ebay and don't have an account there. And I bought my phone directly from Apple.

Thanks Andrew

I was able to use Recovery Mode and update to my last Back up - My devices that already had Passcodes set were Ok. Now learnt my lesson to always have a passcode set.

Loonbeam1 wrote:

 

As far as she knows, my wife did not sign up for Ebay....

It's a process of elimination, so we can probably discount eBay for now. There has to be a common thread to this problem, as the hacker would only use a one stop method of harvesting account details. If we can find out where the messages originated, it may give a clue to who.

Stefarn wrote:

 

Thanks Andrew

 

I was able to use Recovery Mode and update to my last Back up - My devices that already had Passcodes set were Ok. Now learnt my lesson to always have a passcode set.

Great news. If you haven't already, change your Apple ID password to something unique, and use it for that single purpose.

Good luck.

I know it's unlikely, but the other account I had with the same details as my Apple ID was my Catch of the Day account. I tried to find whether the company that owns Catch of the Day has any international links,  but couldn't. I'll keep thinking of others.

My wife and I haven't been hacked (in Australia, 2 iPhones, an iPad and an iPod). We have passcode set on our devices. Find my iDevice is on.  We don't share Apple IDs.  I've received phishing emails purporting to be from my mail provider, Fastmail, recently, but I think that's coincidental. I recognised them for what they were. My eBay password was (I write "was" because I changed it last week) different to my Apple ID password.
I've looked at my iCloud settings. The only major app which iCloud is disabled for is Mail.  I use Thunderbird on my (Mac) desktops, my wife uses a web interface on hers.

I don't use a VPN.

I wonder if an app provider is the source? We don't have games on our devices.

This ramble is just to add to the detective data.

According to news sites around the world reporting on this attack. The exploit uses the “Find My iPhone” feature, which allows users to remotely lock their iPhones and iPads via iCloud in case the devices are lost or stolen.

Foaming Draught wrote:

 

My wife and I haven't been hacked (in Australia, 2 iPhones, an iPad and an iPod). We have passcode set on our devices. Find my iDevice is on.  We don't share Apple IDs.  I've received phishing emails purporting to be from my mail provider, Fastmail, recently, but I think that's coincidental. I recognised them for what they were. My eBay password was (I write "was" because I changed it last week) different to my Apple ID password.
I've looked at my iCloud settings. The only major app which iCloud is disabled for is Mail.  I use Thunderbird on my (Mac) desktops, my wife uses a web interface on hers.

I don't use a VPN.

I wonder if an app provider is the source? We don't have games on our devices.

This ramble is just to add to the detective data.

Follow the recovery mode instructions if you can't unlock your devices.

Follow these steps if you never synced your device with iTunes, if you don't have Find My iPhone set up, or if you can't get to your own computer. You'll need to put your device in recovery mode to erase the device and its passcode. Then you'll restore your device.

1. Disconnect all cables from your device.
2. Turn off your device.
3. Press and hold the Home button. While holding the Home button, connect your device to iTunes. If your device doesn't turn on automatically, turn it on.
4. Continue holding the Home button until you see the Connect to iTunes screen.
5. iTunes will alert you that it has detected a device in recovery mode. Click OK, then restore the device.

Apps are sandboxed from accessing your account details. Your account has been harvested in some way, how, we're trying to figure that out. Change your Apple ID password if you haven't already. Just a question, do you use the Apple ID email address and password with any other login account?

Like others have said, Apple just booted me out of my AppleID right then and made me change my password again.  Thinking up all these unique and strong passwords is exhausting!  No wonder hackers have a field day.

Thanks for the reply, Andrew J, but I started off by writing that our devices have NOT been compromised. Then I rambled on in the hope that someone would see a common thread (a negative thread in our case) to those devices that are borked.

I can't remember now  -  has anyone posted anything about jailbreaking? Our (unharmed) devices aren't jailbroken, bog standard latest iOS.

Foaming Draught wrote:

 

Thanks for the reply, Andrew J, but I started off by writing that our devices have NOT been compromised. Then I rambled on in the hope that someone would see a common thread (a negative thread in our case) to those devices that are borked.

I can't remember now  -  has anyone posted anything about jailbreaking? Our (unharmed) devices aren't jailbroken, bog standard latest iOS.

Got blind sided there, I though you were commenting because you were hacked. Skipping text to get to the details is an old speed reading habit of mine.

Jailbreaking hasn't been a common thread, as others have stated on other forums.

It seems like the accounts have been harvested via an outside source where user details have been intercepted. Because it hasn't affected a great multitude, one can assume there is a minor connection between those affected.

My theory is a user account details used to log into other web services, is identical to their Apple ID. It's almost impossible for a snotty nosed hacker like this one, being able to access Apples servers. These details have been intercepted in some way via a third party server.

At the top of the page/thread I'm seeing

Branched to a new discussion.

with a link to a different thread, but when I try to click on that link/thread, I get a page saying "Unauthorized" and (in pinkish red)

It appears you're not allowed to view what you requested. You might contact your administrator if you think this is a mistake.

Anyone else seeing this?

(Also wondering why this thread is dying down - no other US people affected?)