find my iphone turned on by someone else

This morning, I woke up to find that "Find My iPhone" had been activated on my phone. I was able to unlock it with my Apple ID and password, but I'm worried this means my account has been compromised somehow. I purchased the phone new from an authorized retailer over six months ago and this is the first time I've had this problem. Possibly related: I have changed my Apple ID since I bought and activated the phone, from a defunct @mac.com address to my current email, but didn't change it on the phone, so I can't see it on my page on the Apple ID portal. Does anyone know what might have happened/what I should do? I've already turned off Find My iPhone and logged out of cloud access until I can figure out how to update the Apple ID on the phone.

iPhone SE, iOS 10.2

Posted on Mar 31, 2017 2:18 PM

27 replies

Oct 4, 2017 2:05 PM in response to ItsMeJC

You did NOT receive 2 emails from FMiP; it never sends emails. So those were phishing attempts also. And Apple never sends emails saying to sign into iCloud, so those were likewise scams. And probably the notice that it was put into lost mode was a scam also.


About the only legitimate message you received was that someone tried to log into your account from Russia. And you handled that correctly by denying it.


So what happened is someone in Russia figured out your password and entered it. That triggered the 2FA notification; when you clicked Deny, Apple's system figured out that your password had been hacked, and prompted you to change it. All of the emails were fakes. The fact that your password was hacked allowed the hacker to put it in Lost mode. But that's all they could do without your cooperation. Once you entered your screen passcode that took it out of Lost mode.


The only remaining question is how the hacker figured out your iCloud password. Do you use the same password for multiple sites? Recall that Equifax was hacked, and every Yahoo email address (3 billion) and passcode was stolen. Plus several others. So if you reused any of your passwords for your iCloud account that's how they got it.

Oct 4, 2017 2:39 PM in response to Lawrence Finch

One added note: 2FA verification is not required to put a phone into Lost mode; only the User ID and passcode. That's so you can do so without having access to your verification device. But that's the only thing you can do without 2FA.


You can try this for yourself; log in to iCloud.com from a browser you have never used for it before. You will see the confirmation dialog, but you can still click "around" it to get to Find my iPhone. The only thing it will allow is Lost mode.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
