Apple ID compromised! Breach to privacy!

Discussion in 'Apple Music, Apple Pay, iCloud, Apple Services' started by lucie192019, Apr 22, 2019.

  1. lucie192019 macrumors newbie

    Apr 22, 2019
    5995C490-BCE5-456C-9A33-E617C163050E.jpeg 651CBA66-E68C-443E-8FE9-30790FB100C8.jpeg CF2A460B-3356-4E4A-ACA4-A7B8E17C9E31.jpeg My Apple ID has been compromised and I has been charged over night with multiple iTunes purchases made from the other side of the world resulting in blocking my bank card. Apple support has been helpful providing me full refund in 30 DAYS! Even though the payments has still be pending so your lost money won’t be return in one month time.

    But they are not fixing the bigger problem here. I found family photos from America and China saved on my device (I m based in Europe and never even been there) so who knows how many people has access to my private photos.

    My account has been linked to several users without my approval! My health app has more than 50 devices connected to it overnight and so far I didn’t get a proof that I m the only one who has access to my account and the rest has been disconnected after I changed my password.

    If you have purchased Apple product as me for its security be aware;


    I have been able to access family photos, health statistics and data going backwards several months of people and I don’t even know and has no idea how they appeared on my device.
  2. keysofanxiety macrumors G3


    Nov 23, 2011
    Did you have two factor authentication enabled?

    This isn’t the conclusion you should be drawing. It sounds like you have photos backed up to the cloud which is why you can access them on any device you login with.

    Also have a think about how your details could have been compromised to avoid a similar occurrence in future. There’s only a limit for what a company can do — if you didn’t have 2FA and somebody logged in with your credentials, there’s nothing that could reasonably be done to prevent that.

    Typically this is due to a shared password, where you use very similar passwords for things like your email or social media. Alternatively you may have fallen for a phishing scam.
  3. FFR macrumors 601


    Nov 4, 2007
  4. now i see it macrumors 68040

    Jan 2, 2002
    Your password got hacked or stolen. Not Apple's fault. Use a more complex/secure password
  5. MacDawg macrumors Core


    Mar 20, 2004
    "Between the Hedges"
  6. redheeler macrumors 604


    Oct 17, 2014
    My iCloud account has two-factor authentication enabled, as well as a unique password that I haven't used for accounts on other sites. Both of these are best practice if you want to prevent your iCloud account from being compromised, and make a situation like this many times less likely.
  7. Hieveryone macrumors 68040

    Apr 11, 2014
    Does 2 factor authentication make it basically impossible to get hacked???

    Mine is on.
  8. redheeler macrumors 604


    Oct 17, 2014
    Not impossible, but certainly a situation like the one in the OP is much, much less likely. If your password is compromised and someone tries to sign into your account, they wouldn't be able to successfully do so without the code sent to your trusted device.

    That being said, it's still a good idea to use a secure and unique password even with 2FA turned on.
  9. venom600 macrumors 6502a

    Mar 23, 2003
    Los Angeles, CA
    I woke up one morning a few years back to emails that my AppleID password had been changed and all my stuff was locked. I got VERY lucky in that they had neglected to change the email address associated with the account, and I was able to regain control and lock it down. I had been avoiding 2FA because of an old iPad I still use, but after that day I turned it on and never looked back.
  10. vietalogy macrumors 6502

    Sep 17, 2006
    No, it's not but helps. I've read that to some extent that people would even call peoples phone carrier to get their info onto a sim to receive the 2fa so they could get into someones account.

    To the OP start using a password generator and don't reuse passwords.
  11. BasicGreatGuy Contributor


    Sep 21, 2012
    In the middle of several books.
    Make sure you have more than 1 trusted phone number. It doesn't have to be a Apple device. It can be a landline or a trusted family member's android etc. That way, if your iPhone gets broken or lost and you need to access your account, you can do so with another trusted device that isn't part of your account devices.

    Unless someone has direct access to your trusted number(s), the chances of someone taking over your account are non-existent.

    As previously mentioned, make sure your account password is a mix of upper and lower case letters, numbers and symbols. Do not use the password for anything else. And to be even more secure, don't use your Apple ID account email anywhere else.

    If the OP had been practicing safe computing and account security, he wouldn't be in the mess he is in right now. He can't rightfully blame Apple.
  12. Hieveryone macrumors 68040

    Apr 11, 2014
    How can I make sure I'm the only one with direct access to my trusted phone number?
  13. Shirasaki macrumors G3


    May 16, 2015
    To do so you need to also own multiple phone numbers that you can also have access to. Never trust anyone but yourself in this scenario pretty much.
    I have a very long complex password that never used anywhere else as my iCloud password. I do not enable 2FA because of the freaking chance of locking me out of my account and some real incompatibility issues (for example workplace does not allow bringing multiple/personal devices or receiving calls from Apple). But a complex password and a set of good security questions is definitely a must.
    Not sure what will change if I buy a new iPhone XS Max or whatever released this year. Hope I can still use security questions and not “verification codes”.
  14. NoBoMac macrumors 68020


    Jul 1, 2014
    Add, didn't see anyone mention this: possibly a phishing attack. Apple will not ask for your id and password "to verify" via email, text. And if a website or app is asking for this information, scam.
  15. nicho macrumors 68020

    Feb 15, 2008
    The weird thing here is how these other devices, many of which have peoples' names attached to them, ended up signed in to this same iCloud account and uploading photos etc. to OP's iCloud account.

Share This Page

14 April 22, 2019