find my iphone turned on by someone else

Someone attempted to hack your iCloud account and apparently failed. You should add 2 factor authentication to the account. And it might be a good idea to change your Apple ID. See: Apple ID: Changing your Apple ID. To reduce the probability of this happening again create a new email account (gmail, for example) and use it for your Apple ID. And don't use it for anything else; don't tell anyone about it. Make it something that isn't easily associated with you.

What do you mean it "turned on by itself?" The only way to turn on Find my iPhone is on the phone itself. It cannot be turned on remotely.

Something similar happened to me the other day. My iphone alarm to wake me up didn't go off so I checked my iphone and the first display on the screen was that it was put into lost mode. The message said to contact an email, which was made to look like an Apple email but it wasn't, it ended with @post.com. I cancelled that and entered my iphone PIN and then a notification screen appeared requesting access to my Apple ID/icloud account for use in Russia (not where i was). I clicked don't allow and was prompted to change my password, which I did. I use two factor authentication for account security, which sent me a code via text message to allow the password change. I also had 2 emails from FMiP saying my iphone was put into lost mode and then it was found, both sent at the same time stamp after i was sleeping. I had 1 email saying my Apple ID was used to sign into icloud via a web browser, same time stamp as the 2 FMiP emails.

I contacted Apple today to verify account security and they said my account was not breached and was secure. I'm calling BS on that as my iphone was put into lost mode and email was sent saying my icloud was accessed after i was sleeping. My question is how since I had 2 factor authentication enabled?

It means that someone hacked your iCloud account and put the phone in lost mode. Change your password IMMEDIATELY, and consider adding 2 factor authentication. See: If you think your Apple ID has been compromised - Apple Support

And have a conversation with anyone you share your iCloud account with (which should be no one), or who might know your iCloud password.

marjoriefromhere wrote:

I think we're talking at cross-purposes here. Yes, I originally made it possible for the find my iphone feature to be used on my phone, by enabling it some time ago. However, I did not do anything with it recently. It appears that what happened last night was that someone was able to do this (from If your iPhone, iPad, or iPod touch is lost or stolen - Apple Support):

1. Sign in to icloud.com/find on a Mac or PC, or use the Find My iPhone app on another iPhone, iPad, or iPod touch.
2. Find your device. Open Find My iPhone, and select a device to view its location on a map. If the device is nearby, you can have it play a sound to help you or someone nearby find it.
3. Turn on Lost Mode. Using Lost Mode, you can remotely lock your device with a passcode, display a custom message with your phone number on your missing device's Lock screen, and keep track of your device's location. If you added credit or debit cards to Apple Pay, the ability to make payments using Apple Pay on the device is suspended when you put your device in Lost Mode.

And that someone definitely wasn't me.

1. FMiP must be ON (only can be turned ON directly with the device).

2. Only if iPhone FMiP is already ON.

3. See above.

I guess there's a chance I've developed an odd form of sleepwalking, but I'm considering that low-probability for now.

Not that low it seems, as there is no other way to turn it on you must look at all the possibilities.

I had exactly the same problem. This morning my ipad was locked because "find my iphone" was activated. I had no problem to unlock the device but I don't understand why the FMiP was activated in the first place.

Wow, your story creeped me out as the exact same thing happened to me, only my windows account was involved as well. Woke up to a message on my phone saying my windows account had been comprimised and I should change my password asap, then found my ipad in lost mode. When checking where this activity came from, either my apple or windows id put the place of the attempted breach somewhere in Russia (miles away).

Changed both passwords, 2 factor id is on, anything else you guys would reccomend?

Timber777 wrote:

Changed both passwords, 2 factor id is on, anything else you guys would reccomend?

Yes. Never reuse passwords. Every password for every account, website, app or service should be unique. That way if one of your providers is hacked it won't allow the hacker to access any other of your accounts.

I realize that creates issues of tracking them, but there are many good password managers that make it much easier. I use SplashID Safe, but there are many other good ones. What I've taken to is using my password manager to generate long (16 characters), completely random passwords that even I don't know (or need to know).

Yes, I did some experimenting earlier and saw that I could enable the lost mode with just a password, which makes sense because if the 2FA device was lost the feature would be impossible to enable.

To address your earlier comment about Apple/FMiP sending emails, when I was experimenting with the icloud, I did receive emails saying I put my device into lost mode, when it was found, and when I signed into my account on a new device/browser. The emails I received when my account was breached were not phishing/fakes.

Now I just have to figure out how they got my password, which has been changed. Thanks for the replies.

KathrynGilchrist wrote:

Happened to me just now. Am I at risk of a stalker finding me or a burglar trying to find out if I am home?

Apple?

Who did you loan it to, they will be the one who turned it on

This just happened to me last night. I had to reset my password because it had been locked from someone trying to get into my account.

Thanks. I'm definitely presuming someone tried accessing my accounts, as two otherwise independent accounts were involved. Time to rethink my approach to cybersecurity.