Q: My devices have been hacked. What do I do?

@Opsystem Where did the link actually lead to? Can you give us a rough idea (while perhaps not posting the actual phishy URL)? That sounds like a good lead. Odd if it was only people in Australia who clicked through on it though.

That is probably a real letter from Apple, check the mail header on it. The link in the letter would allow you to login.

You can log into your iTunes account yourself on your computer and see if that purchase is showing up in your account. Also check whatever credit card you use with your account.

From reading through all the posts, it seems that it's safe to say it's NOT just Australia and New Zealand, but, certainlly all of the victims have been in primarily English speaking countries, which would further imply that whatever was exposed or breached or compromsied would also be related to that demographic.  Without knowing every online service and every application of every victim, we may not have enough data to pin down the commonality between them all. 

Regardless; it's clear that by using passcodes, or, better, passphrases on your iOS based devices, as well as having a strong password on your iTunes/iCloud account (managed with something like 1Password) will help. 

As I recall there are about 4 people who are not currently in Australia/New Zealand, and 2 of those had Australian connections. Don't think there are enough non-residents to say it is outside of that area and as thomas_r said they may be the key to the issue.

Opsystem wrote:

 

Dear Apple Customer,   Your Apple ID was just used to purchase "Skype credit 20$" from the iTunes Store on a computer or device that had not not previously been associated with that Apple ID. You may also be receiving this email if you reset your password since your last purchase. This purchase was initiated from 217.149.182.125 (Volgograd, Russia).   If you made this purchase, you can disregard this email. It was only sent to alert you in case you did not make the purchase yourself.   If you did not make this purchase, we recommend that you urgently check your Apple ID:   Apple ID (the link was in this text but I cleared it)   Remember, that Apple will never asks you to provide your secure details by e-mail or phone. Yours sincerely, Apple Inc#.

My wife recieved the above suspect Phishing email on the 16th of May.  She sensibly deleted it.  I wonder if others clicked through?  We are in the UK BTW.

It's probably just a coincidence. There are many peolpe affected by this who would not have fallen for a scam like that.

No-one I know has been hacked.  Perhaps I don't get out enough.  Much as I love my friends and associates, I'm sure that many of them practice poor security.

I am in Aus, and I too was hacked. Nothing that anyone here has noted as 'causes' is relevant to me - totally different ebay password, didn't click on the email link etc.  I have 2 ipads and 1 x phone - have reset the phone and 1 x ipad, but am holding off on the second as there is some info on there that I really don't want to loose if possible.  Has anyone anywhere come up with a 'fix' yet so that I con't have to restore?

geez, thinking that should just turn off Find My iPhone for now. and also change your password, make sure you have two-factor authentication turned on. make sure you have a passcode on your lockscreen, and delete your credit cards from itunes. then wait until the coast is clear when apple comes out with an explanation and a resolution. scary.

This happened to me 2 months ago on my MacBook Air I have had for almost a year now. The only backups of my iPhone 5s and all pics and messages are on that computer. It was locked randomly using the find my iPhone as I did not have a pass code set for the macbook (didn't think you could) so like the phones and iPad when whoever has access to the findmymac account logs in and marks your device as stolen or lost and creates a new passcode, THERE IS NO WAY TO REMOVE THE LOCK WITHOUT APPLE's HELP (to all those posts where people thought the old reset would get rid of it). I believe that pin stays until you get rid of it which you can't cos your account or device was hijacked like mine.

Problem is apple didn't offer me any info, support or advice at the store. I even had the logs from console just before the lock which showed a duplicate keyboard was loaded, and some other hacks to do with dictionary, language, and remote access!

In my case the hack was done using the original owners  account (who was out of the picture nearly 1 year ago now but didn't disassociate the serial number of the MacBook Air from his findmymac account.... Just like I never have not once when I sold half a dozen iPhones and another stack of MacBooks and desktop macs (cos no one even knew about that whole thing Apple!!!!). Grrr :@. So the old owner gets an email saying if he wants his computer then he has to pay. But I already paid him. And he won't get his computer access back from the hacker cos he doesn't own it any more! And so surprise surprise he's not getting it unlocked for me. And Apple did not even bother IN THE SLIGHTEST to advise me or to work around with another solution so I can't unlock it. So it sits here and no one gets to use this amazing laptop for months now, while my most valuable data I need for evidence in court soon sits on it waiting for Apple to come back down to earth. :(

Of course same goes with all" find my" devices with multiple account SN registrations /previous owners. In any event you will need apple to help you. And if you aren't as unlucky as me, they might actually give a toss and do something for you.

Good luck everyone.

Sorry I am from Melbourne Australia, btw.

The source of the hack is varied but I believe from my investigations given my head start as a victim some weeks ago, that the offenders are very very local.

Some of you might also notice now that you are prone to checking, that your devices have been root accessed remotely by unauthenticated shell log in  (jailbreak not required contrary to false and wrong assurances). If you read the reasons released by Apple for iOS 7.1.1 update you will see it right there thus the reason for those patches. As a result your key chains like mine would have been accessed along with your account passwords for everything! If they didn't do this, then the reverse happened via heart bleed.

Nonetheless your devices and data are in jeopardy while they remain locked by someone else and powered on.   I would put the iOS devices in DFU mode immediately, remove the SIM card and contact apple for further reset assistance. As for MacBooks etc you must shutdown using terminal so that it actually forces any hackers to be logged off at the same time. I also disconnected the power if possible as not taking any chances.

In the mean time, an internet security specialist (not Apple. They didn't help me still!) said I have to reset EVERY password, username if possible and banking detail that I can, BUT MUST BE DONE ALL IN ONE SESSION, ON INTERNET AND DEVICES THAT ARE NOT YOUR OWN OR LINKED WITH THE BREACHED DEVICE IN ANY WAY, and that I am not to use any device with these new account details until the problem has been solved. So I say it's a good time to head over to the demo computers and free internet at Apple and "stand" there and change all your keychain entries, iCloud's, emails, netbanks, Dropbox, etc etc etc.  I wish everyone the best of luck!

P.s. I firmly believe that once the imei, serial and mac addresses have been compromised that Apple must swap the devices over or issue new numbers as the hackers have used these details in my case to just keep going back into my iPhone and iPad and macs which are not still locked (still waiting on my air). So all my new accounts and passwords and all that effort is in vain cos I keep doing all the work changing everyone only for similar breaches to occur, even if the passcode issue is specifically avoidable a second time by assigning your own passcode first. Needless to say apple won't swap a single device of my 2 x iPhone 5s, 2 x iPads, 2 x airports, 2 x macbook pros, MacBook Air (still locked), 3 x iPhone 4s and the list keeps increasing. *Sigh*

can u just reset your password then but your iPhone back into lost mode and change the passcode?

u all should try this

funny thing is too is this idiot hackers are using paypal which can be tracked

Hi,

For what its worth, just wanted to add my story.

iPhone 5 was locked yesterday at 4.24am via FindMyiPhone.

I didn't have a lock on my phone so the hacker set one. Woke up to the same message as everyone else.

I was able to access iCloud and unlocked FindMyiPhone then changed my Apple password.

Tried to reset my phone via iTunes but it buggered up halfway through and froze.

Went to Apple store in Canberra yesterday and reported the problem - staff member couldn't have cared less and acted like she didn't believe me! After she re-set my phone it was fine.

My iPad mini was okay and still seems to be.

Apple disabled my account last night so I had to re-set the password again.

My daugher who lives with me has an iPhone4 and iPad and she wasn't hacked.

However, a collegue of mine was.

I own my phone outright. I don't have an ebay account and my password wasn't used anywhere else except for Apple.

Fantastic update of your situation nessmonz, thank you for contributing that. 

Was your Apple ID and Alternate Apple ID with Apple itself, that is, do you sign in to your iCloud account with @mac.com or @me.com or @icloud.com, or, do you use another email service as your AppleID/Alternate (note that Apple provides both of these, a primary and alternate, as managed in appleid.apple.com, but a lot of people overlook this.)

Interesting that the attacker isn't changing iCloud passwords - several people have reported being able to enter iCloud and unlock their device and update passwords. 

Thanks

I'm not a very techy person but I sign into iCloud using my Apple ID. Obvs I have subsequently changed that password too as well as everything else I have a password for and made them all unique with two-step verification. So paranoid now.