Friday 13 – My Apple ID was hacked

Friday 13 is the day when you can expect anything… but I didn’t. It was my ordinary day, I was working at my computer… it was quiet around and I felt comfortable… until I noticed a weird message on my phone’s locked screen. It said: “Dlya polucheniya parolya, napishite na e-mail: helpicloud3@gmail.com” that was in Russian but written with English letters and it meant “To get your password send an e-mail to helpicloud3@gmail.com”. I was pretty surprised to see such message. I don’t usually share my Apple ID email address. But I definitely knew that my Apple ID was hacked. So, I went to http://ifrogot.apple.com and reset my password immediately. After that I decided to give it a try and see what would happen if I send an e-mail there. And I received this reply:

File_000

Which meant:

Your device is locked. To unlock your device send 1500 rubles on Beeline account # then attach your receipt and we’ll unlock your phone in two hours.
You can pay online with your credit card (Visa/MasterCard) URL
You have 12 hours to pay. After that your device will be erased (all the information, media and photos) without password recovery(which we’ve set up).

That looked threatening…

So, how does this scam works?

A hacker gets access to your Apple ID account (I this case I don’t actually know how did they do that and where I exposed my Apple ID). With that account information they sign in into your iCloud. After that, they switch your iPhone to the Lost mode using Find Your iPhone feature. And they add a Lost iPhone message, which you can see on your phone’s locked screen. So, actually there’s nothing serious happened yet, but they hope you’d be threatened and would act rather than think first.

What to do if this happened to you?

First of all – Stay CALM! Nothing bad happened yet! Just try to unlock your iPhone from the locked screen. In my case I could do that. Then change your Apple ID password ASAP using http://iforgot.apple.com (this requires you to have an access to the e-mail address you use for your Apple ID – there is one possible problem here, but I’ll talk about it later in this article.) Get into your Apple ID account and sign out your Apple ID from all other browsers. To do that you need to use Sign Out Of All Browsers option on the iCloud Settings page.

File_001

After that change your password once again. To be 100% sure nobody else can change it ever since.

How to avoid such scams?

  • Try to keep your Apple ID in secret. This can help you to avoid hackers. Keep them unaware of your Apple ID. (I was hacked because I exposed my Apple ID somewhere, I’m sure about that)
  • Use another e-mail service address (e.g. Gmail, Yahoo and so on) for your Apple ID, as I mentioned above, if you’ve got your Apple ID from iCloud you may get into the situation when your recover e-mail is not available for you to receive a new password since it’s hacked. Because a hacker gets access to both your Apple ID and recovery e-mail at the same time. You definitely don’t want to be in the situation like that. (I have my Apple ID registered with Gmail address this definitely saved me.)
  • Use a long and strong password. At least eight characters or more. Lower case and uppercase letters, numbers and special characters. Avoid simple words and dates.
  • Set up the Two-step verification for your Apple ID. You can do that from your Apple ID settings here: https://appleid.apple.com (I could’ve done that earlier to secure my Apple ID.) This is highly recommended security feature.

Keep your Apple ID safe!

39 comments

  1. I got the same problem on my phone. how can I unblock i? my appleid is blocked, recovery phone is blocked, what can i do?

    1. Maria,

      First of all I’m not an expert, this happened to me only once, and I hope it won’t happen to me again. Luckily my Apple ID wasn’t locked. Was your Apple ID registered with icloud.com e-mail? If it was, I think it’s going to be hard to do anything to recover the iPhone. Because a hacker got access to your Apple ID and recovery e-mail at the same time. I heard that one can restore Apple ID with Apple Support. Don’t hesitate to contact them.

      Dmitrii

  2. Thank you Dimitri!
    I am I your exact situation, but after following all the steps the deuce is still locked. I accessed the “I lost my iPhone” page, but it says that the device is offline: in fact it seems that the WiFi is off and I nthe left of the status bar it says “SIM locked”.

    How should I proceed?

  3. Thank you Dimitri!
    I encountered the same problem. After I follow all the steps, I managed to change my password. But the message “Dlya polucheniya parolya, napishite na e-mail: helpicloud3@gmail.com” still appeared on the locked screen a passcode is required. How to unlock the phone from locked screen? Thanks.

    1. @yujuang,

      To remove that message you need to open “Find iPhone” feature in your iCloud then click “All Devices” in the top of the window and then select your iPhone form the list. After that remove the Lost Mode from your iPhone. Your message should be gone.

      Good luck!
      Dmitrii.

      1. Hi I’m having the same problem I did remove my device but I still having the message, I had no password on my iPad , do I need to go apple?

        1. Check this page: https://discussions.apple.com/thread/7610756?start=0&tstart=0
          post by Svetlana307, I had exactly the same problem,( which was great, because I have 1 Ipad and 2 IPhones, all of them same account, all of them with the message, but only IPad I couldn´t unlock)) and this finally helped. After changing all paswords of course. Get your IPad to restore mode, connect to ITunes and do complete restore. Don´t forget to turn of “lost” mode” on icloud.com. But before you will maybe have to turn off “find my IPad” on the device. Than it will appear on cloud too. Thatś how it worked to me.
          God luck and fu**ck all the hackers! 🙂

  4. Had this same issue happen tonight. Followed your steps and everything appears to be fine. Have you had any issues since you posted this? Do I need to do anything else other than what you mentioned?

    Thanks for you help

    1. Kyle, No, I haven’t had any troubles since then. Hope it’s going to be like that! I’ve set up two step verification and I believe my Apple ID is safe now. Good luck!

  5. THANK YOU for publishing this! It’s currently 4 am and I woke up to that strange message on my phone. It looks like (from Find iPhone emails in my email) that my phone was put into Lost Mode at 2:38 am, but instantly taken out of Lost Mode. I was able to immediately unlock my phone after the message, but have changed my password 2x as you’ve recommended and won’t log back in to my Apple ID until I have a chance to visit the Apple Store because I’m TOTALLY freaked out. Hopefully nothing else weird happens!

    1. Since you’ve changed your password, I believe it’s nothing to worry about. Just don’t forget to set up two step verification later. But, if you think you need to talk to someone in Apple store, you definitely should. Might be they’ll tell you anything that would be a good add-on to my ideas here. Will appreciate if you share their answers and suggestions. Best of luck.

      1. I should have known about 2 step verification and nothing like this wouldn´t happen. Easy and safe. I took me 3 hours to get all set back on all devices. 🙁

  6. This just happened to me overnight. I never had a passcode on my phone and after following the steps I still can’t unlock my phone. Any Ideas?

    1. Sorry to hear that! I’d contact Apple support or Apple store, may be they can help you to unlock the phone. Too many people having the same issue… this is weird. I wonder, how this happened that all our Apple IDs got exposed?…

  7. The same thing happened to me overnight and I was not able to do anything to salvage my information from my phone. They had to completely reset my phone to factory settings and I lost all pictures/videos etc

  8. Happened to me today. Changed password but they somehow placed a touch ID passcode on my phone and I can not unlock it. Lots of family memories will be lost.

  9. Same thing happened to me. Called apple and they told me to go to iCloud.com, log in and go to find my iPhone, and click on whichever device you need and you need to erase the device. Unfortunately you lose all the data but it is the only way.

  10. Hello, i have the same problem but in my case, i have both my iphone and ipad is hacked, i was able to open my iphone and got no problem with it, the thing is, they have set up a passcode on my ipad, i changed my apple password, remove that silly message on my screen using “find my iphone” and yet i could not open my ipad because it has passcode (which i never put passcode on it) i have been trying to open it and now i just disabled my ipad, need lil help, thanks

  11. My Iphone is locked. I still manage to renew password to my Apple ID and get an access to my Icloud.
    However, I can’t neither to unlock my phone nor to erase it, becouse it’s not connected to internet.

    What can i do in this case?

  12. A notification on my iPhone showed a map of a device trying to login to my iCloud in Tampa, FL (never been there). I said “Don’t Allow.” Within 30min I see Emails of all my devices in Lost mode and an email of a new device who logged in using a Windows Computer from Tampa, FL. How did anyone get access if I said don’t allow? This was the 2 Factor Authentication that iCloud recently implemented which is a good idea but I’m still baffled because I got home and noticed my iPad was in Lost Mode and said: “Dlya polucheniya parole, napishite na e-mail: appleinc03@gmail.com“.

    Other weird thing, I was recently researching a vacation in Tampa, FL but never gave out my iCloud email address but I did use my credit card at a resort and used a different email address (that is unassociated). My iCloud password is unassociated with the other email address nor any association with the credit card.

    I since logged all devices out of iCloud within 40min of receiving the notification on my iPhone and changed my password. I made sure 2 Factor Authentication was turned on in iCloud to make sure if anyone tries to successfully login to iCloud I get notified and ask for an additional 6 digit code. I think this was already setup and am confused why someone was able to login to iCloud from a Windows browser and place my devices in Lost mode but unable to gain access to my keychain or create a backup of my device to completely lock me out.

    1. I actually figured out. You can login to iCloud and when 2 Factor Authentication pops up there is an option for lost my iPhone for which they can lock your device and erase your phone without completely getting into iCloud. They cannot see your pages, contacts, iCloud email, or access your keychain passwords etc.. I got lucky in that I changed my password before they wiped my iPhone data.

  13. Hi, guys. First off all, were all been “hacked” by Russian hackers, wich want 1000-1500 rubles from us.

    first of all, from now on – always have a codelock on your phone – this prevent them from setting whichever code they want – and effectly keep you out of your device.

    Secondly, please sign up to apples free two-step verification in icloud systems.

    My icloud was hacked 15th of july, and when i woke up – i was terrifyed of what i saw; someone put all my devices to lost-mode, and I changed my icloud password several times in short time.

    today, 10 days later, i turned on an old iphone, and instantly when i connected to wifi, the phone went in lost mode, and needed a passcode to get in. Since i never have had a code on this phone, i was fucked.

    After looking for solutions for hours, and spoken with apple support on phone for 1 1/2 hours, i figured to try to reinnstal the phone. That works, but you loose whatever you have on your phone if you havent a backup. which i didnt have.

    Apple told me that my passcode would be whatever i set it up before, but since i never set up a code before, the hackers get the change to enter their code, wich neither I or Apple can find later.

    So, for a precousion; always have a passcode on your phone, if youd like, you can put it so it only get activated after 1, 5 or 15 hours, but at last you have your code. This will prevent you from problems next time you get hacked, because then the code from Lost-mode will be the same as you have entered.

    If you do not have a passcode, and hackers put your phone in lost-mode, you are basicly fucked.

Leave a Reply to Petr Urválek Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.