
lucie192019

macrumors newbie
Original poster
Apr 22, 2019
My Apple ID has been compromised and I have been charged overnight with multiple iTunes purchases made from the other side of the world, resulting in blocking my bank card. Apple support has been helpful providing me full refund in 30 DAYS! Even though the payments have still been pending so your lost money won’t be returned in one month's time.

But they are not fixing the bigger problem here. I found family photos from America and China saved on my device (I'm based in Europe and have never even been there) so who knows how many people have access to my private photos.

My account has been linked to several users without my approval! My health app has more than 50 devices connected to it overnight and so far I didn’t get a proof that I'm the only one who has access to my account and the rest has been disconnected after I changed my password.

If you have purchased an Apple product like me for its security, be aware:


YOUR DATA IS NOT SECURE AND NOT PRIVATE!


I have been able to access family photos, health statistics and data going backwards several months of people I don’t even know, and have no idea how they appeared on my device.
 
Did you have two factor authentication enabled?

If you have purchased an Apple product like me for its security, be aware:


YOUR DATA IS NOT SECURE AND NOT PRIVATE!

This isn’t the conclusion you should be drawing. It sounds like you have photos backed up to the cloud, which is why you can access them on any device you log in with.

Also have a think about how your details could have been compromised to avoid a similar occurrence in future. There’s only a limit for what a company can do — if you didn’t have 2FA and somebody logged in with your credentials, there’s nothing that could reasonably be done to prevent that.

Typically this is due to a shared password, where you use very similar passwords for things like your email or social media. Alternatively you may have fallen for a phishing scam.
 
My iCloud account has two-factor authentication enabled, as well as a unique password that I haven't used for accounts on other sites. Both of these are best practice if you want to prevent your iCloud account from being compromised, and make a situation like this many times less likely.
 
Does 2 factor authentication make it basically impossible to get hacked???

Mine is on.
Not impossible, but certainly a situation like the one in the OP is much, much less likely. If your password is compromised and someone tries to sign into your account, they wouldn't be able to successfully do so without the code sent to your trusted device.

That being said, it's still a good idea to use a secure and unique password even with 2FA turned on.
 
I woke up one morning a few years back to emails that my AppleID password had been changed and all my stuff was locked. I got VERY lucky in that they had neglected to change the email address associated with the account, and I was able to regain control and lock it down. I had been avoiding 2FA because of an old iPad I still use, but after that day I turned it on and never looked back.
 
Does 2 factor authentication make it basically impossible to get hacked???

Mine is on.

No, it's not, but it helps. I've read that, to some extent, people would even call people's phone carrier to get their info onto a SIM to receive the 2FA so they could get into someone's account.

To the OP: start using a password generator and don't reuse passwords.
 
Does 2 factor authentication make it basically impossible to get hacked???

Mine is on.
Make sure you have more than 1 trusted phone number. It doesn't have to be an Apple device. It can be a landline or a trusted family member's Android, etc. That way, if your iPhone gets broken or lost and you need to access your account, you can do so with another trusted device that isn't part of your account devices.

Unless someone has direct access to your trusted number(s), the chances of someone taking over your account are non-existent.

As previously mentioned, make sure your account password is a mix of upper and lower case letters, numbers and symbols. Do not use the password for anything else. And to be even more secure, don't use your Apple ID account email anywhere else.

If the OP had been practicing safe computing and account security, he wouldn't be in the mess he is in right now. He can't rightfully blame Apple.
 
How can I make sure I'm the only one with direct access to my trusted phone number?
 
To do so you need to also own multiple phone numbers that you can also have access to. Never trust anyone but yourself in this scenario pretty much.
I have a very long complex password that I never used anywhere else as my iCloud password. I do not enable 2FA because of the freaking chance of locking me out of my account and some real incompatibility issues (for example workplace does not allow bringing multiple/personal devices or receiving calls from Apple). But a complex password and a set of good security questions is definitely a must.
Not sure what will change if I buy a new iPhone XS Max or whatever released this year. Hope I can still use security questions and not “verification codes”.
 
Add, didn't see anyone mention this: possibly a phishing attack. Apple will not ask for your ID and password "to verify" via email or text. And if a website or app is asking for this information, scam.
 
The weird thing here is how these other devices, many of which have people's names attached to them, ended up signed in to this same iCloud account and uploading photos etc. to OP's iCloud account.
 