Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Hmm weird, I always thought SIM cards were locked with a PIN. The last time I could my Telus SIM card and put it in another device the SIM card was locked and I couldn't do anything without the PIN. Maybe the Canadian SIM's are different. I will have to try it to see what happens.

I have no idea. I've never tried it myself. That person said they tried multiple SIMs and worked for them.
 
I acknowledged that entering my info into a phishing site wasn't brilliant (eventhough domain name included .apple.com)

The domain name didn't include .apple.com. The domain name you pasted was info-app-apple.com I realize it was a mocked up apple web site, but the domain was not Apple.

Hmm weird, I always thought SIM cards were locked with a PIN. The last time I could my Telus SIM card and put it in another device the SIM card was locked and I couldn't do anything without the PIN. Maybe the Canadian SIM's are different. I will have to try it to see what happens.

The OP mentioned that AT&T sims are all locked with the same default pin of 1111.

That being said, I am also with Telus and have swapped sims between the phones in our family and they just work. Also, a month ago my dad got a new phone direct from Microsoft and just popped his old sim into his new phone and it just worked. And once the sim is in the new phone, you can go view the phone number in settings. So it doesn't seem to be a Telus corporate wide policy as our sims have been obtained from more that one Telus corporate location.
 
What did you ask? I just asked something like "who do you belong to?" and it returned my full contact card with phone number and emails and everything. This is while the phone was locked (iPhone 6 with iOS 9.2.1).

That only happens if you activated Siri with a finger registered with TouchID. If you use an unregistered finger, it only gives name and phone number.
 
I guess the moral of the story is a person has to go into your phones settings and lock the SIM card with a PIN so this kind of thing doesn't happen to anyone else.
 
I guess the moral of the story is a person has to go into your phones settings and lock the SIM card with a PIN so this kind of thing doesn't happen to anyone else.
Assuming that's what happened here and not something else, although so far that seems to be likely scenario.
 
And when the issue is raised then Apple works on it.

Oh so now apple can fix the issue of having these fraudulent websites. Next time I will be more explicit to help you link the dots of an idea together.
 
Oh so now apple can fix the issue of having these fraudulent websites. Next time I will be more explicit to help you link the dots of an idea together.
Sounds like I wasn't the one in need of linking the dots. By the important thing is that it seems like they have been linked.
 
Sounds like I wasn't the one in need of linking the dots. By the important thing is that it seems like they have been linked.

Please elaborate on your first sentence? Or was that a last attempt to save face?
 
Please elaborate on your first sentence? Or was that a last attempt to save face?
Fairly self-explanatory. Seems like people will get it when they see it, even if some might not (or might choose to ignore it). In any case, seems like the dead horse has taken more than enough beatings.
 
I acknowledged that entering my info into a phishing site wasn't brilliant (eventhough domain name included .apple.com)
Actually, the domain you mentioned in your OP did specifically *not* include the domain "apple.com", but "info-app-apple.com. The sub-domains are always separated by dots. Dashes or other special characters are never domain separators. So, to recognize phishing addresses, always check for the names between two dots.

Another thing that would have protected your account in this case is two-factor authentication (since a device in lost mode cannot be used to receive the authentication codes).
 
Hmm weird, I always thought SIM cards were locked with a PIN. The last time I could my Telus SIM card and put it in another device the SIM card was locked and I couldn't do anything without the PIN. Maybe the Canadian SIM's are different. I will have to try it to see what happens.
As far as I know no carrier has sim lock turned on by default at least in the US. I know if you get the sim lock code wrong 3 times you have to call the carrier, and give your IMEI, and I think ICCID to get a special unlock code.

The default pin of 1111 needs to be entered to even enable the sim lock.

Years ago I had a flip phone that I accidentally enabled sim lock on. Took at least an hour or more on the phone to get it unlocked after 3 wrong attempts.
 
As far as I know no carrier has sim lock turned on by default at least in the US. I know if you get the sim lock code wrong 3 times you have to call the carrier, and give your IMEI, and I think ICCID to get a special unlock code.

The default pin of 1111 needs to be entered to even enable the sim lock.

Years ago I had a flip phone that I accidentally enabled sim lock on. Took at least an hour or more on the phone to get it unlocked after 3 wrong attempts.
At AT&T you can simply get the SIM's PUK (PIN unlock key) by logging into your account on their web site. Go to Wireless/Plan, than click on "Manage" next to your phone. There's an option "Get PUK" that will display the PUK.
 
At AT&T you can simply get the SIM's PUK (PIN unlock key) by logging into your account on their web site. Go to Wireless/Plan, than click on "Manage" next to your phone. There's an option "Get PUK" that will display the PUK.
Nice to know, I don't think they had the option the time I had to use it. it was before the iPhone came out.
 
That only happens if you activated Siri with a finger registered with TouchID. If you use an unregistered finger, it only gives name and phone number.
It's true, when using an unregistered finger it didn't give me the full contact information that is entered for my contact and that would be returned when a registered finger is used, it just gave me the phone numbers associated with my contact (not emails and other information). But a phone number is enough to be able to send me an iMessage or an SMS.
 
I'm sure OP has moved on at this point, but I do think it's important to make one thing abundantly clear:

So you are telling me someone can just simply put the stolen device in DFU mode and gain my appleid or phone number from the device? I'm not concerned for the phone as its probably already overseas but more concerned about the data breach where my personal info was taken. I was under the impression that apple would have programmed the phone preventing revealing my full appleid/phone number on a stolen device especially one that was "locked/lost". Does that not seem like a huge security breach?


No, it's not a security breach. Regardless of what you might like to believe, your phone number is not private information. Technically, it's not even yours; you don't "own" the phone number assigned to you... at best, it's on extended loan from the phone company. It's also a means to get in touch with you, and others are required to know it to even communicate with you via your phone. Much of the same is true of your e-mail address (which is used for your Apple ID).

By contrast: do people need to know your social security number to communicate with you? Your date of birth? Mother's maiden name? Your passwords? No, they do not. That IS personal information.

Put another way: People can (in certain circumstances) call you on your phone and offer you services, and they can knock on your door and try to sell you things. Whether you choose to answer is entirely your choice. And if you do answer: then whether to trust them or not is your responsibility.

In this case, you lost track of your phone, someone grabbed it, and they used the SIM to obtain your phone number. The same thing could've happened if you dropped a business card with your number on it.
 
I'm sure OP has moved on at this point, but I do think it's important to make one thing abundantly clear:




No, it's not a security breach. Regardless of what you might like to believe, your phone number is not private information. Technically, it's not even yours; you don't "own" your phone number. It's a means to get in touch with you, and others are required to know it to even communicate with you via your phone. Much of the same is true of your e-mail address.

By contrast: do people need to know your social security number to communicate with you? Your date of birth? Mother's maiden name? No, they do not. That IS personal information.

Put another way: People can (in certain circumstances) call you on your phone and offer you services, and they can knock on your door and try to sell you things. Whether you choose to answer is entirely your choice. And if you do answer: then whether to trust them or not is your responsibility.

In this case, you lost track of your phone, someone grabbed it, and they used the SIM to obtain your phone number. The same thing could've happened if you dropped a business card with your number on it.
Assuming it was the SIM and the number, if it was an email address or Apple ID essentially, then perhaps there might be more to question/figure out in all of that.
 
Assuming it was the SIM and the number, if it was an email address or Apple ID essentially, then perhaps there might be more to question/figure out in all of that.

Of course is from SIM card, I switch out my SIM card from one phone to another phone all the time.
In this case the thief took out SIM card from stolen phone , put in another phone to get the number then send him a iMessage from another apple device.
 
Of course is from SIM card, I switch out my SIM card from one phone to another phone all the time.
In this case the thief took out SIM card from stolen phone , put in another phone to get the number then send him a iMessage from another apple device.

And had the OP gotten a new number, he'd have been proof against the scammer sending the follow-up iMessage.

Drastic I know...but just saying.
 
Of course is from SIM card, I switch out my SIM card from one phone to another phone all the time.
In this case the thief took out SIM card from stolen phone , put in another phone to get the number then send him a iMessage from another apple device.
In this particular case that seems to be likely if the OP used the same number and had iMessage activated again. With a few other very similar stories in a few other similar threads it seems like emails were sent or iMessges sent to the Apple ID rather than the number, which seems somewhat different potentially.
 
Lesson hear never click on a link. And if the link, in this case Apple, does not start with Apple.com it's an obvious fake.
 
the OP said he put the device in lost mode and provided the phone number of his roommate. my guess is the thief imessaged that number with that bogus link. OP opened the link, put his info in. end of story. it's not as complicated as you all are making it out to be.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.