So this is a strange problem a friend is having, walked her through several things, just wondering how this attack might have happened (from my own technical interest), but potentially any solutions. I've been a dev/architect/writer for a _long_ time, but this is a new one to me, though I'm not up on all the current exploits. It's an old high school friend of my wife's (she lives up north so not local to us), she works hard, so this is extra painful for her and her kids. She's pretty off the grid in terms of tech, and/or being involved on anything that would expose information, the iPad stays at home. So here's the scenario, point-by-point: She has a Mini, I think it's a 1 or 2, she said it's about 5 years old. She paid cash, bought it brand new from Target/Walmart, doesn't have the receipt any longer. She was watching Netflix, the device reset this morning - I mean, just right in the middle of a show she said, came back with an activation lock prompt. I was concerned about her email being hacked (it's a Yahoo account), I was able to generate an SMS code to her, I used that to reset to Yahoo email to a nice strong password. While I was at it, I reset her Netflix and iCloud/AppleID accounts as well. Her activation lock prompt matches her Yahoo account, i.e., the first letter is the same, then *** and the yahoo.com suffix. However, when she enters her email and [new] AppleID password it says invalid. She calls Apple (on the phone while I was resetting her accounts) and they say, her email is no longer associated with her iPad, determined from her providing the serial number from the back of the device. They also indicated the device has been flagged as stolen (something about an "F2" security lock?) My assumption with her bad password was that someone gained access to her Yahoo email, used that to reset her iCloud/AppleID password, and used that to access it, but how things wound up don't seem possible even with that level of account access. So it appears that someone was able to register this device (or at least the serial) to an iCloud account, without having physical access to the device[?] She was able to gather from Apple support that her apple ID is NOT the current associated AppleID (of course they won't disclose what it is), however the masked email in the Activation Lock screen does happen to still match her actual AppleID ... see below: Odd [unrelated?] coincidence: when she was trying to get access to her account, she tried firstletter + firstname.lastname@example.org because the obfuscated email shown on the Activation Lock screen happen to match it (her real email uses the same first letter and they both share the @yahoo.com suffux) - that email ID is actually "locked for security", again, probably no correlation, and her name is pretty common, but given the strange set of events. Further info: I tried accessing this guessed at email account from above, and the phone number for the account reset was unknown to her - yet again, this could simply be coincidence. Feel so bad for her a new iPad purchase isn't easy for her as it is for some of us, I'll probably offer to track one down in the marketplace right here at MR, heck, she'd be happy with a functioning 5 year old device, let alone something new-ish.