How could thief change my iCloud password?

My wife's iPhone recently got stolen. It was locked with a passcode and had the FindFriend enabled. Talking to Apple, I was reassured that there was no way its data could be hacked. Maybe that's why I got relaxed and lowered my shields. Busy at work, did not look out for this email as it had come onto my personal email account.


Here I am reporting this: received an email about 18 hrs from theft that my iCloud password had been reset. Two factor authentication was on and my SIM had been disabled and diverted to a newly issued one. I am perplexed: how could this happen?


I have since recovered my iCloud account but this no longer has the FindFriend (surprise!). My other question is, can Apple not 'bar' its IMEI (or serial if IMEI gets changed) from its servers/app store etc. to make it unusable? Carriers are useless, and the phone can cross geographical boundaries.


Any suggestions on what I should do to ensure my data is not misused (still available on iCloud)? What passwords are likely to have been compromised (email of course)?


Thanks

mrazanaqvee

iPhone 6s, iOS 11.0.3

Posted on Oct 25, 2017 3:55 PM


Oct 28, 2017 5:10 AM in response to Eric Root

Thanks Eric, yes couldn't log into the account. What I can't remember is how I accessed the site. Did I click the link in the 'password changed' email or type the address myself? Apple reckon it could be a spam but the sending address was @id.apple.com so I didn't think it could be.


But without two factor authentication how can they change a password, that's the mystery.

Oct 28, 2017 4:55 PM in response to mrazanaqvee

Here I am reporting this: received an email about 18 hrs from theft that my iCloud password had been reset. Two factor authentication was on and my SIM had been disabled and diverted to a newly issued one. I am perplexed: how could this happen?


Are you 100% sure all of this happened?


If they actually added 2FA, how did you recover the account? 2FA removes security questions. If they added 2FA, they would have made her phone a trusted device. Did you end up using Apple's Account Recovery process?


A SIM is not managed in any way via Apple, so I don't understand how it could have been disabled and you told about this via the same email. Apple would not have that information even if true.


Did this message have a link in it for you to go "fix this"?
