iPhone lost mode been hacked

[Cutiekitty92]

I randomly awoke at 4am to find that my iPhone had been put into Lost Mode, I panicked and turned it on and off with it still saying Lost Mode write an email to blah blah blah ( can’t remember it something like Apple.support@dmx.com ) ? Anyway I eventually managed to unlock my phone but to serval emails saying my phones my activated to Lost Mode, my phone Apple Pay card has been suspended my phone has now been found showing my location etc. Basically I’ve been hacked and I’m **** scared now. Got on to resetting my Apple ID password straight away as someone had accessed my iCloud via windows (I only have a Mac) please can anyone help me as such I’m ever so worried all my information has been compromised.

 

[fartnugget213]

Do you use two-factor authentication? That is the only thing I can think of that I could interject into here.

I don't think there is anything we can do, you should contact the proper departments regarding your account and try to get it handled over the phone or something. Perhaps they will tell you the IP/location of the person who accessed your information, it might help determine who it is.

Best of luck

 

[Cutiekitty92]

Do you use two-factor authentication? That is the only thing I can think of that I could interject into here.

I don't think there is anything we can do, you should contact the proper departments regarding your account and try to get it handled over the phone or something. Perhaps they will tell you the IP/location of the person who accessed your information, it might help determine who it is.

Best of luck

I have just tried to enable it but can’t verify for some reason maybe I need to go on my Mac which I can’t do till later.
Do you mean to ring Apple? Not sure what they could offer other than to change my passwords which I’ve already done

 

[fartnugget213]

Do try to enable two-factor next time, it's such a life saver. I had one attempt where someone not me tried to get in and I was saved there.

Apple may be able to look into the IP address of whoever got into your account, and that may help you locate whomever did this.

If they are from another country then we could dismiss it as just your everyday break-in attempt.

If they are close to you, it could help you identify who might have done it.

 

[DeepIn2U]

Do you use two-factor authentication? That is the only thing I can think of that I could interject into here.

I'm no fan of this ridiculous 2-factor authentication. Also if the account is hacked and his phone is locked what GOOD would an SMS to a locked phone actually do? Think this through for a few moments and you'll understand how ths doesn't make sense.
> ONLY if the Mac has iMessage signed in using the same account then ... "maybe" but I doubt Apple is using iMessage vs a direct SMS service with multiple providers or a server that interjects into providers using local numbers reserved.

That said ...

to our host how common is your account (original iCloud accunt setup)?
It's possible someone lost THEIR iPhone and had a typo using your mailbox SMTP AND if your security questions are common along wtih common answers then ... yeah can happen.

Next do you have any enemies, upset former GF's or messed with somone's GF?!

Either way contact Apple directly email and phone with your phone's IMEI and S/N have them sort it out with receipt.

PS: High time for Apple to allow us to CHOOSE our security questions as manually typed entries, and not just the answers.

 

[nicho]

I'm no fan of this ridiculous 2-factor authentication

Perhaps you should research it, then you'd become more of a fan. The rest of your post is full of rubbish that isn't how it works at all. 2 factor doesn't use SMS, except as a backup last resort.

Also, the account wouldn't get hacked and the phone locked in the first place. DUH.

 

[Phil A.]

I'm no fan of this ridiculous 2-factor authentication. Also if the account is hacked and his phone is locked what GOOD would an SMS to a locked phone actually do? Think this through for a few moments and you'll understand how ths doesn't make sense.
> ONLY if the Mac has iMessage signed in using the same account then ... "maybe" but I doubt Apple is using iMessage vs a direct SMS service with multiple providers or a server that interjects into providers using local numbers reserved.

That said ...

2FA uses your other Apple devices for confirmation and reserves the trusted phone number as a method of last resort (and it doesn't have to be your device - you can use a home phone number or partner's phone, for example - as recommended by Apple)

 

[Cutiekitty92]

Thanks for the suggestions guys, I have activated the two step now. My iCloud is just a normal Hotmail account perhaps my email was hacked and passwords were retrieved etc I don’t think anyone I know would have done this to me. My instagram was hacked a month ago to someone in bloody Russia anyway passwords changed now so hopefully that’s fine. As for Apple Pay I am worried to keep my car linked now. It’s currently suspended on here anyway

 

[nicho]

As for Apple Pay I am worried to keep my car linked now. It’s currently suspended on here anyway

It's a one way system, hackers can only disable the card and can't do anything without your physical device, so you shouldn't need to be worried. They can't find your card details remotely, it's impossible.

 

[Cutiekitty92]

Okay but what about seeing my whole address as they went on find my iPhone I’m really worried...

 

[tarsins]

I'm no fan of this ridiculous 2-factor authentication.

TFA is a must these days. Take time to understand and use it properly then thank it when it protects your iCloud account.

 

[Cutiekitty92]

Thanks for all the advice everyone, I’ve checked and everything is back to how it should be. With old email being deactivated and a whole new iCloud account set up hopefully it’ll keep those nasty hackers at bay... even Apple thought it was weird. They basically locked my phone and Mac but done nothing... idiots

 

[nicho]

Thanks for all the advice everyone, I’ve checked and everything is back to how it should be. With old email being deactivated and a whole new iCloud account set up hopefully it’ll keep those nasty hackers at bay... even Apple thought it was weird. They basically locked my phone and Mac but done nothing... idiots

Good to hear!

 

[Cutiekitty92]

Can anyone shed some light here. I’m so stuck on both Mac and iPhone with this ***** I can’t use anything

 

[noobinator]

What happens when you click "can't approve this iPhone?"

 

[Cutiekitty92]

What happens when you click "can't approve this iPhone?"

Apparently my data will get erased and i'm getting rather stressed now because when I do this on my mac it just gets stuck and freezes then I have to force quit settings. Some major flaw here is happening cannot do anything on my iphone it is just overheating now...
[doublepost=1501534752][/doublepost]Managed to fix it myself because Apple were so terrible at helping me...

 

[DeepIn2U]

Perhaps you should research it, then you'd become more of a fan. The rest of your post is full of rubbish that isn't how it works at all. 2 factor doesn't use SMS, except as a backup last resort.

Also, the account wouldn't get hacked and the phone locked in the first place. DUH.

Actually it's NOT rubbish. I've personally experience this when someone used 'Forgot my Password' during setup for AppleDEP device from a vendor - and SMS was sent to another number (not the mobile devices but the only mobile number.

I think you need to research this more - options are as that, options ... but the initial setup is 1 number.
2FA is NOT the same for every service by every company ... and for corporate VPN connections there a slew of alternatives in how it actually works. When setup to a mobile number - if you're roaming and the VLR for the provider your own does NOT get the details from your providers HLR then guess what no phone service no data service: 2FA if using the mobile number you're travelling from will not be useful if it's going to a phone number you cannot acces.

That is not rubbish but common sense.

2FA uses your other Apple devices for confirmation and reserves the trusted phone number as a method of last resort (and it doesn't have to be your device - you can use a home phone number or partner's phone, for example - as recommended by Apple)

For Apple's 2FA:
https://support.apple.com/en-ca/HT204915

Once signed in, you won’t be asked for a verification code on that device again unless you sign out completely, erase the device, or need to change your password for security reasons. When you sign in on the web, you can choose to trust your browser, so you won’t be asked for a verification code the next time you sign in from that computer.

Trusted devices
A trusted device is an iPhone, iPad, iPod touch with iOS 9 and later, or Mac with OS X El Capitan and later that you've already signed in to using two-factor authentication. It’s a device we know is yours and that can be used to verify your identity by displaying a verification code from Apple when you sign in on a different device or browser.

Trusted phone numbers
A trusted phone number is a number that can be used to receive verification codes by text or phone call. You must verify at least one trusted phone number to enroll in two-factor authentication.

You should also consider verifying other phone numbers you can access, such as a home phone, or a number used by a family member or close friend. You can use these numbers if you temporarily can't access your own devices.

As I said the intial time in setting up Apple 2FA - only 1 number can initially be entered. Further only Apple devices or a browser can be authorized during setup or when the iOS/Mac is disabled/wiped via Apple's services.

Not everyone that has an iPhone has a mac, iPad, or Apple Watch. That's the ecosystem but not everyone lives within it.
[doublepost=1501539431][/doublepost]

TFA is a must these days. Take time to understand and use it properly then thank it when it protects your iCloud account.

I don't see Apple making it mandatory as of yet - so it's not a 'must'. Yes I'm away it's better for security ... but there are number of misses that Apple should be considering first before forcing this.

 

[nicho]

Actually it's NOT rubbish. I've personally experience this when someone used 'Forgot my Password' during setup for AppleDEP device from a vendor - and SMS was sent to another number (not the mobile devices but the only mobile number.

I think you need to research this more - options are as that, options ... but the initial setup is 1 number.
2FA is NOT the same for every service by every company ... and for corporate VPN connections there a slew of alternatives in how it actually works. When setup to a mobile number - if you're roaming and the VLR for the provider your own does NOT get the details from your providers HLR then guess what no phone service no data service: 2FA if using the mobile number you're travelling from will not be useful if it's going to a phone number you cannot acces.

That is not rubbish but common sense.



For Apple's 2FA:
https://support.apple.com/en-ca/HT204915



As I said the intial time in setting up Apple 2FA - only 1 number can initially be entered. Further only Apple devices or a browser can be authorized during setup or when the iOS/Mac is disabled/wiped via Apple's services.

Not everyone that has an iPhone has a mac, iPad, or Apple Watch. That's the ecosystem but not everyone lives within it.
[doublepost=1501539431][/doublepost]

I don't see Apple making it mandatory as of yet - so it's not a 'must'. Yes I'm away it's better for security ... but there are number of misses that Apple should be considering first before forcing this.

Please enlighten me to a scenario you would need to use 2 factor authentication while having no data signal on your phone (which is your only iOS device)? No data signal, no connection to the outside world, no password requests...

 

[ectospheno]

I'd be happy if we just stopped using the word "hacked". Someone guessing the password to the account isn't even remotely hacking.

 

[Cutiekitty92]

So I just activated 2FA on everything but just realised and what happens if for whatever reason some day I get a new phone number?

 

[Apple_Robert]

So I just activated 2FA on everything but just realised and what happens if for whatever reason some day I get a new phone number?

You would add the new number for 2FA use.

 

[DeepIn2U]

Please enlighten me to a scenario you would need to use 2 factor authentication while having no data signal on your phone (which is your only iOS device)? No data signal, no connection to the outside world, no password requests...

You mis-understood, or I conveyed it slightly in correctly.

Your phone is locked out and asks for 2FA while you're roaming
situation:
You're not getting signal on the authorized roaming partner (you've just landed: airplane has WiFi which allowed phone to be locked).
You power-cycle the phone thinking it's a mistake that your password is locked. Prior to the reboot your device receives iCloud lock out.
You power-cycle the phone thinking iCloud lockout is mistake. Now your NanoSIM no longer properly registers on the roaming partners network OR signal is VERY low at your present location and phone/SIM hops onto another provider ... gets signal BUT Calls/SMS/Data doesn't work.

 

[nicho]

You mis-understood, or I conveyed it slightly in correctly.

Your phone is locked out and asks for 2FA while you're roaming
situation:
You're not getting signal on the authorized roaming partner (you've just landed: airplane has WiFi which allowed phone to be locked).
You power-cycle the phone thinking it's a mistake that your password is locked. Prior to the reboot your device receives iCloud lock out.
You power-cycle the phone thinking iCloud lockout is mistake. Now your NanoSIM no longer properly registers on the roaming partners network OR signal is VERY low at your present location and phone/SIM hops onto another provider ... gets signal BUT Calls/SMS/Data doesn't work.

How does the phone get locked in the first place?

 

[Dented]

You mis-understood, or I conveyed it slightly in correctly.

Your phone is locked out and asks for 2FA while you're roaming
situation:
You're not getting signal on the authorized roaming partner (you've just landed: airplane has WiFi which allowed phone to be locked).
You power-cycle the phone thinking it's a mistake that your password is locked. Prior to the reboot your device receives iCloud lock out.
You power-cycle the phone thinking iCloud lockout is mistake. Now your NanoSIM no longer properly registers on the roaming partners network OR signal is VERY low at your present location and phone/SIM hops onto another provider ... gets signal BUT Calls/SMS/Data doesn't work.

You've misunderstood this from the outset - there is no way anyone could have locked your phone without having to provide the 2FA in the first place, ergo your phone isn't locked and you carry on about your business completely untroubled.

The whole point of 2FA is that it prevents the kind of unauthorised access to an account that would be necessary in order to lock a phone or access anything else.

 

[DeepIn2U]

You've misunderstood this from the outset - there is no way anyone could have locked your phone without having to provide the 2FA in the first place, ergo your phone isn't locked and you carry on about your business completely untroubled.

The whole point of 2FA is that it prevents the kind of unauthorised access to an account that would be necessary in order to lock a phone or access anything else.

FYI - 2FA also prevents anyone from sign-on to a new iOS device (Apple's 2FA) without the code verification as well. Try it.