Q: My devices have been hacked. What do I do?

Make sure you use Apple's Two-Step Verification process, after you get your iOS device restored, too ...

http://support.apple.com/kb/ht5570

Star Traveler wrote:

 

Make sure you use Apple's Two-Step Verification process, after you get your iOS device restored, too ...

 

http://support.apple.com/kb/ht5570

This won't help if someone gets/hacks your password. It just won't allow someone to access/manage the ID on apple. I wish there was someway Apple can devise an additional secure step for Find My Iphone. That would close this security hole.

I don't know how many times this has to be said. This is not an Apple security hole. If people use the same password on multiple sites, there's nothing that Apple can do about it. I just don't believe those posters who have been hacked who say that their Apple ID password is unique.

That's precisely what this prevents, you see ... :-) ...

Two-step verification is an optional security feature for your Apple ID. Two-step verification requires you to verify your identity using one of your devices before you can take any of these actions:

- Sign in to My Apple ID to manage your account

- Make an iTunes, App Store, or iBooks Store purchase from a new device

- Get Apple ID related support from Apple

Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account.

Why should I use two-step verification with my Apple ID?

Your Apple ID is the key to a lot of things you do with Apple, so it's important that only you have the ability to access your account details, update your password, or make other changes to your account. Two-step verification is a feature you can use to keep your Apple ID account as secure as possible.

Star Traveler wrote:

 

That's precisely what this prevents, you see ... :-) ...

You should post a link to web pages you copy word for word.

-> Frequently asked questions about two-step verification for Apple ID

Please read the Apple text you posted. The 2-step verification process only prevents access to your AppleID, purchases on iTunes, etc.

IT DOES NOT protect someone who gets or hacks your password from gaining access to iCloud.com and Find My iPhone. The power to remotely erase or lock your iOS device is a great scheme to protect your investment and user data. However, in the wrong hands, we get things like this happening.

Again I think Apple needs to devise a better mouse trap for iCloud.com and/or Find My iPhone. Maybe being required to enter the recovery key given for the 2-step verification, this could stop unauthorized use (just MHO).

Apple's services are not hacked:

Today Apple issued a statement on the problem, noting that—as suspected—the iCloud service itself was not actually breached, but individual user accounts may have been compromised through password reuse or social engineering:

http://9to5mac.com/2014/05/27/apple-denies-icloud-breach-was-responsible-for-dev ice-lockout-attack-advises-users-to-change-passwords/

Basically don't "give away" your password and don't reuse it. And then use Apple's Two-Step Verification process and you'll be fine.

Greg,  the email I received was from Apple (checked it out with Apple at the store and it was genuine). So what essentially happened is after changing passwords another attempt to hack was made - but it failed as I'd changed the password AND set a new passcode on all 3 of my devices.

Someone asked what email I'd changed my pwd for.  It was the email associated with my Apple ID, and I also changed the pwd on another "backup" email address (used for recovery purposes).

I've also only ever had the one (same) Apple ID (someone asked about that as well).

The only thing that seemed to stop the hack attempts was to completely disconnect from iCloud. Have been hack-attempt free for 18hrs now

And FWIW I'm getting a little tired of being told I must have used my Apple pwd on another site. NO. I. DID. NOT. I'm not forgetful or stupid - this was a unqiue pwd used absolutely nowehere else. Also, how would you explain the second (failed) attempted hack against a new pwd that was literally 2 minutes old?  The Apple guys just scratched their heads over that one (but why am I surprised about that, when they also said head office hasn't given them a lick of guidance as to how to deal with this).

It doesn't matter if you don't believe it. I HAD A UNIQUE APPLE ID PASSWORD and had five devices affected.

deskokat wrote:

 

It doesn't matter if you don't believe it. I HAD A UNIQUE APPLE ID PASSWORD and had five devices affected.

Its also not just how unique it is to you but also how strong your passwords are.

It would not be a stretch for hackers to go from unlocking stolen devices with a hack, too locking them.

Has anyone looked at the firewall logs of a hacked/locked mackbook, to garner any info as to originating IP traffic accessing the Find my Mac or Back to Mac services?

Telling people that you don't believe them, based on nothing but your opinion is offensive. Several devices in my family were hacked and I manage the accounts. NONE had duplicated passwords, all were unique, as are all passwords under my control. I work in an area when security is of very real concern and use a password system that is very secure. I do not know what the answer is, and the only commonality I can find between those in my family and those reported by our corporate IT dept., is that all the devices had used a VPN unblocking server. How that leads to an ability to hack I do not know. My only thought is that there is a window of several minutes between when a legitimate access is made to a the app store - in app purchase etc., and accessing the VPN server, or when the server is already in use and a purchase is made. My kids used an unblocking VPN to access and stream material that is Geo blocked here and would sometimes make a purchase via that VPN to access that material. The iTunes store in Australia geo-blocks a lot of content. You have to use a VPN and switch to a US iTunes account to access it.

"My kids used an unblocking VPN to access and stream material that is Geo blocked here and would sometimes make a purchase via that VPN to access that material. The iTunes store in Australia geo-blocks a lot of content. You have to use a VPN and switch to a US iTunes account to access it."

So it's okay for you to access iTunes against Apple's terms of service?

Chris CA,

You must be an American. I dont use any geoblocking, but you should not criticise people for going down that path. What people like you dont realise is, in Australia, we pay double the price for the same thing you get in the USA. Songs on Itunes are twice the price. We often cannot even get certain movies or TV shows because FOX has the rights in Australia and their subscription prices are a joke relative to the USA. If you are an Aussie you should know better.