Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

robert.s

macrumors newbie
Original poster
May 24, 2021
3
0
Hi.

This happened Saturday while driving with wife & kids. My wife receives a notification on her iphone 12 mini - "your account information has been updated" and another email address appeared where the apple id is shown - in the settings menu. She was confused, I was ignorant. Then, the "enter your password" screen kept popping on her phone. Whatever the password used to be, it was not accepted anymore.

Opening her email inbox, the same confirmation of email address changed appeared, also saying something like "if you do not recognise this, click here to ...". She clicks the link, tries to login using her known apple id address - error - apple id not found.

We start to panic.

Another email pops in her inbox right after - "A sound was played on your iPad". WTF?? Started to put things together soon after that. We had an iPad (2018 model) that we could not find for a while - but just thought the kids misplaced it somewhere in the house and we didn't bother much to find it. My wife tried once to find it by making it play a sound. That sound was played just then -> ipad is connected to wifi and it's not in our possession -> ipad stolen.

That iPad was logged in on my wife's apple id and had a 4 digit pass code.

From there on, the story makes more sense, I think.

The problem is that Apple cannot help my wife regain her account - they cannot intervene in the process. It was the result of a call we had on Saturday with a US support agent and again today with a "senior" support agent from the UK. Nothing they can do, even if a history of usage would tell for clear that this is a theft. It should be enough just to send an email to my wife's old email address and ask for a password change. But they are unable to do it.

Of course we tried every single thing we could find online in order to reset the password. Nothing applies. The thief changed the phone number as well.

How can this happen? Without any 2fa, any sms confirmation, any other confirmation on another trusted device??

My wife's account is completely compromised - the thief has access to everything backed up in iCloud, etc.

And worse of all, she can't even sign out of that account on her iphone 12 because she doesn't know the password!!! The thief can decide to lock the device and erase it at any moment!!! Do I need to mention all the personal information he already has access to??

How, Apple, how can this happen???

We've emailed the thief (using the email address that appears now on her iphone) offering to pay for the iPad without caring about other aspects.

We filled in a report at the local police station and will go to see a lawyer tomorrow.

We're desperate in trying to regain access to that account. If anybody has a bright idea in the meantime, please, please, share it.

Thank you!
 
At the very least I’d create a new Apple ID and wipe the iPhone by restoring it as a new phone using the new ID. Not sure if you can do that though without access to your old (compromised) Apple ID. You may be well and truly buggared.

Let this be a lesson. Apple puts all that log in-security-pin stuff on the Home Screen of their mobile devices for a reason. Disable it at your peril.

How did the thieves get past the Home Screen log in security? How did they know the Apple ID password to be able to change it? Have you considered this might be an “inside job?”
 
Thanks for the reply, but I think you've missed a few details. The iPad had a 4 digit pin and I'm pretty sure the thief didn't know my wife's password - I don't even know it - but still, they were able to change it.
 
Somebody had to know it. As your finding out you can’t change an Apple ID password without knowing the previous password. I’m still thinking inside job. What do your kids have to say about the iPad?
 
Last edited:
OK, if the iPad was open or some reason left open. The thief could ask apple to reset the password by sending a link to your email. If the iPad was open and the email count was on the ipad they could change the password and then after that change the security settings. The email address itself is written in stone and can not be changed. Once the account is compromised Apple can not do anything to change it. I worked at the local store here and that was a big issue.
Did she setup a recovery email? That is an option which should be secondary email in case you are locked out of the main one. I have mine set to my work email.
 
I know there are some hard facts in here and it's hard to believe, as situations like this are commonly caused by customer's ignorance, but it's what happened. The iPad could not be left open, as we couldn't find it for months. It had a 4 digit passcode. I don't care much about getting the iPad back - although it would be nice - I want that goddamn apple id back as my wife is going crazy these days. I'm sure Apple could help, but they're held back by weird policies and laws. But laws do change once proven faulty.
 
The iPad could not be left open, as we couldn't find it for months
By your own admission the iPad was out of your control for months. Who all had the ability to open/unlock the iPad?

You mentioned you thought the “kids misplaced it.” Could they have shared codes with friends? You may not want to hear this but somebody had to do something shady. These things don’t “just happen.”

Since you’re willing to walk away from the iPad your task gets easier. You just need to associate your wife’s iPhone with a clean Apple ID. The phone needs to be restored as new. Apple will likely be more help to you with this than the were with changing your password. If you’re near an Apple store I would make an appointment and see if they can help.

As an aside… those “weird policies and laws” are in place to prevent just this sort of thing from happening. If you could change passwords with an email or phone call fraud and ID theft would be much worse than it already is.
 
How did they know the Apple ID password to be able to change it? Have you considered this might be an “inside job?”

They didn't need to.


They only needed to know the current password or device passcode. They knew the device passcode.



OP is finding that he cannot take advantage of the same "trust" apple had in the device, because that trust goes away once the password is changed until it is entered correctly.

In hindsight, OP should have a) had a passcode much longer that 4 digits (birth year, by any chance?) and b) marked the ipad as lost rather than trying to play a sound. A valuable lesson for others, but I guess it doesn't help the OP much. I'm not sure I know of anything that will.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.