User profile for user: dukeimg
dukeimg Author
User level: Level 1
4 points

My Apple ID was hacked even though 2SV is enabled

I have 2SV enabled on my Apple ID. However, my account was hacked and my iPhone was locked for few seconds while I was working on my laptop.

User uploaded file

They used icloud.com from a Windows device (most likely, but this information can be easily faked via e.g. Tor) to get access to my account.

Once I clicked `Do Not Allow`, my Apple ID was locked and access to my iPhone was automatically restored. Everything is fine now, I set up new stronger password. But I'm wondering, how did they get my 6-digit verification code? My phone did not get any text messages, so probably stealing data from SMS can be excluded (or not?).


I'm not in Istanbul btw, I'm few thousand km away from there. But again, you can fake this data pretty easy.


Any thoughts?

iPhone 5s, iOS 11, null

Posted on Sep 24, 2017 5:54 AM

Reply
Question marked as Top-ranking reply
User profile for user: Winston Churchill
Winston Churchill
User level: Level 10
122,622 points

Posted on Sep 24, 2017 6:17 AM

Nobody has bypassed 2 factor authentication or 2 step verification, it isn't even a factor in what's happened.

It's all quite simple really, these people have got hold of your password and accessed the option to lock your device. You need to be able to do this yourself should you wish to lock your only trusted device which uses your only trusted number.

You don't need to workaround 2 factor authentication or 2 step verification to do this, these are security measured aimed at protecting the data in your account and they are still doing this.

How they got your password is another matter. It may be as a result of inviting malware onto your devices, but most commonly users give up their passwords through phishing, make them too easy to guess or use them for other services that require passwords that ultimately get hacked.


To protect yourself properly, Use a strong password, use a different password for each service and don't give it up when you get messages telling you to verify your account details.

View in context
1 reply
Question marked as Top-ranking reply
User profile for user: Winston Churchill
Winston Churchill
User level: Level 10
122,622 points

Sep 24, 2017 6:17 AM in response to dukeimg

Nobody has bypassed 2 factor authentication or 2 step verification, it isn't even a factor in what's happened.

It's all quite simple really, these people have got hold of your password and accessed the option to lock your device. You need to be able to do this yourself should you wish to lock your only trusted device which uses your only trusted number.

You don't need to workaround 2 factor authentication or 2 step verification to do this, these are security measured aimed at protecting the data in your account and they are still doing this.

How they got your password is another matter. It may be as a result of inviting malware onto your devices, but most commonly users give up their passwords through phishing, make them too easy to guess or use them for other services that require passwords that ultimately get hacked.


To protect yourself properly, Use a strong password, use a different password for each service and don't give it up when you get messages telling you to verify your account details.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

My Apple ID was hacked even though 2SV is enabled

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up