Q: My devices have been hacked. What do I do?

This topic has grown very quickly, and there are many people saying a lot of different things. Rather than try to address everyone, I'm just going to stick to some general information about this kind of hack.

What has undoubtedly happened in all these cases is that your Apple ID has been hacked. How that may have happened, I don't know. It could be weak passwords falling to brute force attacks by a botnet. It could be that people "logged in" to a malicious fake Apple server in response to a phishing e-mail. It could be something else entirely.

Once the hackers have access to your Apple ID, they can remotely lock all your iOS devices with a message. They can also see any data stored in iCloud (calendars, contacts, e-mail, notes, etc). If you have a Mac with Back to My Mac enabled, they could potentially get remote access to that. They could also make purchases on your Apple ID.

The solution to the problem is to regain access to your Apple ID. (Erasing the device is not a solution in many cases.) Reset the password, and make sure to change it to something very secure. As an additional security measure, I strongly suggest that you enable two-factor authentication on your Apple ID. Doing so provides additional security, and should prevent the hacker from ever being able to take control of your Apple ID entirely away from you.

A couple things that it's important to understand:

1) It is entirely possible for a hacker to lock you out of your Apple ID permanently by changing your security questions or even enabling two-factor authentication, which would prevent you from resetting the password. If the hacker enables two-factor authentication, Apple will not intercede to give you access! This is a security measure for people who choose to enable this feature, since you wouldn't want a hacker to talk an Apple support rep into giving up access to your Apple ID.

2) If you have iOS 7 installed, and have chosen to turn on Find My iPhone/iPad/iWhatever, a hacker in control of your Apple ID can lock you out of your device permanently. You will not even be able to erase the device without providing the Apple ID password. If they manage to take control of your Apple ID permanently, then you obviously will not be able to do that any longer. Apple will not give you access to a device locked in such a way, as this is an anti-theft feature.

You should not be afraid of turning on Find My iPhone, which is an important anti-theft feature. Instead, simply enable two-factor authentication to make sure your Apple ID is secured, so nobody can manage to use this feature against you.

Note that enabling two-factor authentication does not guarantee that your Apple ID won't be hacked, so you still need to use a strong password. What it does protect against is changes to your Apple ID that would give the hacker permanent access. With two-factor authentication enabled, you will always be able to reset the password on your Apple ID and regain access to it, as long as you follow the directions and are careful to save the recovery key.

I'm in Melbourne - this woke me up at 4.30 (the least the hackers could do is not play an obnoxious sound....)

I found this article http://www.nltimes.nl/2014/05/21/apple-icloud-hacked-dutch-gang/, so I wonder if it has anything to do with this incident.

There is no information anywhere else, and only one small new article - it seems very strangeas this seems to have been happening for over 24 hours - so thanks for everyone who put up advice here!

I understand having to reset your Apple ID etc but I've done all that and there is still a pass code on my iPhone  which I don't have! How do we get past that??

Yep 3 devices taken down in Brisbane. Really annoying at 5am.

The Dutch hacker story would have to be related in some way or form. Either they're using their method or someone else has got their hands on it.

I feel as if I should just wait it out as I'm sure Apple will issue a statement and give further details and support on it very soon. That is the hope anyway.

I wonder if it has anything to do with this incident.

No, it does not. The Dutch hacking story involves hackers who have found a way to unlock stolen devices running iOS 7 that have been permanently locked by Find My iPhone. This only applies to devices in their possession, and does not give the hackers access to the Apple ID or the ability to remotely lock iOS devices.

poppyp_z wrote:

 

I understand having to reset your Apple ID etc but I've done all that and there is still a pass code on my iPhone  which I don't have! How do we get past that??

See the following instructions from Apple:

http://support.apple.com/kb/ht1212

I have find my iPhone switched on so need to erase all data.... Will I definitely get everything back or should I wait and go to an apple store?!

This has happened to me too in Brisbane, woke me up half an hour ago. Freaking out as when I opened my laptop it had the same message "Device hacked by Oleg Pliss. For unlock device" with the Find My iPhone icon. 
Freaking out so have changed my apple ID and need to turn on two-step verification.... could this have anything to do with the fact that I updated my OSX yesterday?

OKAY so it takes three days to set up two step notificaion... but who knows what will happen to my account between now and then!!!!

Thanks for the lengthy post with plenty of great information thomas_r.  It contains lots of great information.

I was also hit on 4 of 5 devices.  Two with no issue as they already had pass codes on them. The other two, that did not have pass codes have now been locked by our friend Oleg.

I am in London on holidays at the moment, and must have been one of the first to see it.  I took both devices straight to the local Apple Store, who really hadn't seen anything like it.  They got me on the chat to Apple immediately, it took 25 minutes to get the person online to same place that the guy in store got to in 2 minutes. "Use find my phone, and turn the lock off".  When I asked how I get the passcode off she couldn't answer, and then had to put me through to the AppleCare technical team.  I am now awaiting a return phone call.

Much of the conversation revolved around how it was impossible for anyone to remotely add a passcode, unless I did it, or gave them my details.  I pointed them to look at this thread and their opinion very quickly changed!

After all this, my one question still remains to be answered:

How can a passcode be added remotely, through iCloud, to a device that did not previously have one, and then Apple not have the method to either remove it, or change it?

How can a passcode be added remotely, through iCloud, to a device that did not previously have one, and then Apple not have the method to either remove it, or change it?

This is a feature of Find My iPhone. You can remotely lock your iPhone with a passcode, as a measure to keep a thief from accessing your data if the phone is stolen. Apple techs cannot clear the code for you because it is an anti-theft feature, and allowing them to unlock it is a very bad idea, because the person who wants it unlocked might be a smooth talker and may know some of your personal information. That's gotten Apple - and other companies - in trouble before:

http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/all/

Tightening of this kind of security at Apple began in direct response to Mat Honan's story.

Same here - in Adelaide. iPad woke me at 4.30am with the message 'Your device has been hacked by Oleg Plis' and sound - I thought it was the morning alarm. I just signed in with my code, and all seems ok. I then signed in to my powerbook - but as a guest user - VERY grateful I did. Message to say I'd been hacked there too, wouldn't let me sign out without erasing all data for that user. As there was nothing but a couple of expendable files on there, I signed out. And the guest user portal has been erased. I then went into my own (password protected) desktop, no hacking message. Have changed my Apple ID password - which has two iPads, two iPhones and my Powerbook attached to it (!!) I've received 15 messages in my hotmail account from Find My Phone to say that 'lost status' was applied to all my devices, 'sounds were played' on all my devices, and all my devices were subsequently 'found'. All devices have passcodes, so I hope this means I've got control back! Have changed my bank password - via phone banking - and will change all my other passwords tomorrow on the desktop at work! Accidentally left my iPhone at work, so was absolutely paranoid that someone had found it and got in... but thanks to this thread, I can see I'm not alone, and iPhone will be sitting on my desk when I get in.. in a couple of hours... Await further instructions and won't be using phone banking on ay of my devices til I'm sure!

Let us know if you have any luck! also stuck on the passcode issue...

I updated my OSX yesterday as well!!!!

Now my iMac is prompting me to update... not yet!!