Q: My devices have been hacked. What do I do?

And re updating passwords

It would help, I think, if Apple reminded all users to update their Apple ID with a unique password (wether its generated by the user themselves or another random generator). Perhaps the reminder could popup regularly when you open Itunes or such if email was thought risky.

Passwords now seem to be one of the most vulnerable processes in the security loop but while we still have to deal with them , assisting consumers, who mostly just want speed and ease, would benefit everyone.

I don't really care at this stage what Apple say or do not say. I've been to the Apple store twice now in as many days about this, and on each occasion they have said it's the first time they're hearing about any hacking. This, when on the first visit one of the tech guys told me his own devices were impacted by it.  They talk with forked tongues - and will try to lay the blame anywhere other than at their feet.

I know for a fact:

1. My Apple ID pwd was not used for anything else at all.

2. After wiping and resetting my devices, and changing both my Apple ID pwd and my mail pwd, within 2 minutes there was another attempt at a hack. I know this, becuase I received an email saying an attempt to set my iPhone to 'lost' mode had just been attempted and failed.

3. Within a couple of minutes of that happening, my Apple ID was locked, due to too many attempts at entering an incorrect  pwd (and no, it wasn't me!).  Seems the bot was still going strong last night.

4. I reset all pwds yet again, and deleted my iCloud account. So far, peace reigns.

I remember hearing about a recent phishing email that claimed to be from Apple notifying users that their iCloud accounts had been suspended. The email provided a log in link for users to resolve the issue. I wonder if the hacker in question was able to net some iCloud credentials during this phishing campaign and used those credentials for these attacks.

makucha wrote:

I know for a fact:

 

2. After wiping and resetting my devices, and changing both my Apple ID pwd and my mail pwd, within 2 minutes there was another attempt at a hack. I know this, because I received an email saying an attempt to set my iPhone to 'lost' mode had just been attempted and failed.

3. Within a couple of minutes of that happening, my Apple ID was locked, due to too many attempts at entering an incorrect  pwd (and no, it wasn't me!).

Now that is intriguing.

Did the e-mail have anything else interesting in it, like an IP address for the 'lost' mode attempt?

This is fascinating (sorry, I'm a sysadmin with IT security interests) because not only a subset of users have been targeted, but it appears that somehow an orchestrated attack on peoples' Apple IDs is involved.  If there are 'bots at work, those 'bots must be privy to some large-scale thievery of Apple IDs and passwords somehow, methinks.

changing both my Apple ID pwd and my mail pwd,

What mail pwd did you change?

Just wondering, from your message and many others, do everybody know what apple ID they have set the phone up with.

I have 1 apple id, then 2 apple id for itunes accounts, since i have had this for a coupla years.

I fear that the ABC chap who's just posted will come up with a story about Apple devices

I've already seen one news story that quoted me (by link, but not by name), saying that the issue was a DNS poisoning attack. Problem is, that theory had been thoroughly debunked many hours before.

Nobody should be paying any attention to mainstream news reports on this topic at the moment. They know less than the folks paying close attention to this topic do.

"it appears that somehow an orchestrated attack on peoples' Apple IDs is involved.  If there are 'bots at work, those 'bots must be privy to some large-scale thievery of Apple IDs and passwords somehow, methinks."

It doesn't look like "large-scale thievery". The number of reports is very local (to Australia, almost all, with a couple claimed in the UK and US, but very little definitive). Many of the people on this thread haven't had this happen to them (I'm certainly unaffected).

It's clearly some sort of third-party hack, or a phishing attack. A hack of a third-party app's servers might be a cause. There's a clear weakness in how some third-party apps ask for iCloud login details - as was detailed earlier this year. If there's an app that does this which has been hacked (or had its server hacked), you have your answer.

What you'd need is for the *affected* people to post a list of their purchased apps on their affected devices here, perhaps in "most recent" order. That way you could quickly exclude or mark as suspicious all sort of apps.

Apple is insistent that its iCloud servers haven't been hacked - which makes sense, as if they had, you'd be seeing this happening on a gigantic scale.

Peter Sealy1 wrote:

 

I have cancelled iCloud accounts from each device [thus Find my Phone also] and all devices have Passcode lock active. I realise I shall need to change Apple IDs and iCloud passwords.

Just to make sure that you are aware, you cannot easily change Apple IDs if you have any App Store or iTunes Store purchases that you wish to keep. Such purchases cannot be transferred, so you would have to re-purchase them.

Even if you did completely stop using your current Apple ID and get a new one, that's overkill and may not help. We still don't know what caused this or if it's still active, so you could easily get your new Apple ID hacked. Then all the effort (and potential expense) of switching to a new Apple ID would all be for nothing. It would be better to do as has been suggested already: secure your current Apple ID, and turn off Find My iPhone until the situation is resolved.

Thomas_r.  I think you'll find it is very easy to change your logon details for your apple id.

If you have another email account you can change the assoicated email address for you apple id. That is easy to do and would remove a risk if someone is holding the id.

Kjmcintosh wrote:

 

Thomas_r.  I think you'll find it is very easy to change your logon details for your apple id.

If you have another email account you can change the assoicated email address for you apple id. That is easy to do and would remove a risk if someone is holding the id.

You certainly can change the address - unless the address is a me.com or mac.com address - but that is not the same as changing the Apple ID. That is certainly not the same as cancelling an Apple ID and getting a new one.

Do any of you that have been hacked used your iCloud password for any other services?  Does your Apple ID email match the same e-mail you use for other services?  Such as eBay, which was recently hacked?

If they got a bunch of passwords from eBay they could just be trying iCloud with all of the e-mail/pass combos they obtained.  You'd be surprised how many people use the same e-mail/password on every site and/or service they sign up to.

thomas_r. wrote:

 

You certainly can change the address - unless the address is a me.com or mac.com address - but that is not the same as changing the Apple ID.

Except it is.

Your AppleID is your email address.

Your AppleID is your email address.

That's like saying that you are the clothes you are wearing. There is more to an Apple ID than the address it is associated with. Do your purchases all disappear if you change the e-mail address associated with your Apple ID? No. The address is simply the outward face of the Apple ID.

But that's all beside the point... you guys are arguing about something I never said. I never claimed you can't change the address of an Apple ID. I said that it is not a simple matter to, as Peter Sealy said, "cancel" an Apple ID and create a new one. Do you disagree with that?

thomas_r. wrote:
But that's all beside the point... you guys are arguing about something I never said. I never claimed you can't change the address of an Apple ID. I said that it is not a simple matter to, as Peter Sealy said, "cancel" an Apple ID and create a new one. Do you disagree with that?

Updating an an existing AppleID account with a new email address

vs.

starting a completely new AppleID account.

These are completely different, yes.

No I do not disagree with you. When I re-read your post I see that you were meaning not to go changing IDs e.g. get a completely new one, I was just try to point out that you can change the associated email to a different address. (Obviously as you say not if it is a me.com or a mac.com address)

On a security note, personally I set up alias for all my accounts that use a unique password on each. If you don’t have the ability then it is worth changing to an email provider that does let you do that.