iCloud hacked

Some plonker in Moscow just brute-forced my password and proceeded to put all my devices into Lost Mode.

MacMini still locked because Apple need 24 hours to find my invoice (bought from them online) to prove I'm who I say I am and remove the password lock.

Grrr!

I assume you didn’t have 2FA enabled? :/

Did you have two factor authentication turned on? I had my iMac hacked once, but that was because I had the VNC port open on my router and a simple password on my desktop login, and used the same password on my keychain. Once they were in the just used the saved password in my keychain to use my EBay account to buy a Rolex watch.

Ouch!,
Thankfully I do have 2FA but I can't prove I own the Indigo Mac Mini as I bought it second hand off eBay and just today I also bought a MacBook Air on eBay for the other half as I am fed up sorting out her Dell with Win7 crashing all the time!
So the question is how do you get Apple to reset devices you don't have an invoice for.

CliveS

I didn't have 2FA on... I do now....

I'm a secondary school IT Manager with 1700 school-owned iPads under my control - we prefer students not to use 2FA cos it locks US(IT Support) out of the devices!

Fortunately I PDF all my online order confirmation screens, so I could tell them the date, time, URL, order no, ....

Clive, if you don't have original invoice from authorised Apple reseller, you can forget it.

What I don't understand is... on iOS if you enter the device's own passcode it lets you in and you can start verifying etc. On a Mac, you NEED the unlock code that the hackers set - there's no two ways about it. You can't sign into iCloud and "cancel" the lost-mode or reset the passcode.

The worst part is..... I had to get out of my chair to turn the light on cos Indigo not running!

Sent from my iPhone using Tapatalk Pro

I had a ssh port forwarded on my router to my mac. Nothing happened but my router got probed every second on that port from china. I then switched the ssh in-port to something higher. So they do not get a reply from my mac. After 5 days they stopped probing.

So when you have ssh or vpn use a different incoming port number otherwise you will get constantly probed eventually.


Sent from my iPhone using Tapatalk

I don't use those, but I do have my Church's alarm system open so I can manage it remotely; I've purposely used a different port to their default (10001) in my port-forwarding.


Sent from my iPhone using Tapatalk Pro

I didn't have 2FA on... I do now....

I'm a secondary school IT Manager with 1700 school-owned iPads under my control - we prefer students not to use 2FA cos it locks US(IT Support) out of the devices!

Fortunately I PDF all my online order confirmation screens, so I could tell them the date, time, URL, order no, ....

Clive, if you don't have original invoice from authorised Apple reseller, you can forget it.

What I don't understand is... on iOS if you enter the device's own passcode it lets you in and you can start verifying etc. On a Mac, you NEED the unlock code that the hackers set - there's no two ways about it. You can't sign into iCloud and "cancel" the lost-mode or reset the passcode.

With Apple's Server App and Apple Configurator you can set them up as supervised devices which will allow you to bypass passcode and activation locks. No need to even involve AppleCare.


As for: So the question is how do you get Apple to reset devices you don't have an invoice for.
Typically they don't. You have to be able to prove ownership. With the hack and unauthorized actions they may be able to do something. Just depends on what information they have to work with.

Though if you have access to your account again you should be able to turn off Lost mode on your own in Find My... app or iCloud.com. The computer will need internet access for it to take affect though.

You can't turn off Lost Mode anymore by all accounts; I tried that.

They are supervised devices at school (MDM and DEP) but as they have to authenticate to Wifi before they connect, the MDM command to reset doesn't get to the device.


Sent from my iPhone using Tapatalk Pro

I never understood this policy from Apple. If I own one device and it has an iCloud account tied to it, that should prove ownership for any other devices with that iCloud account. My wife had an incident awhile back and had to jump through all these hoops to prove ownership. Still have an iPad that is locked...

If you have access to the account that locked the device then you should be able to unlock the device.

Not for a Mac you can't.


Sent from my iPhone using Tapatalk Pro

With a Mac it puts a Firmware password on the computer. If the device is still listed in Find My and can get internet access, it can sometimes be resolved by removing the device from the account if you don't know the pin. Otherwise it requires an ARS appt with a proof of purchase to have the lock removed (see: https://support.apple.com/en-us/HT204756). iOS devices however are a different story and do not require a trip to the store and do not require any documentation as long as you can access the account and know the account the device locked to. The last bit is what causes most people I talk to trouble. They don't remember the account they used with the device. Since it just shows you a hint you can't be sure.

So Apple decided I need to take Mac to Apple Store to get unlocked. Nearest two Apple stores completely booked out, but there a Premium retail store I'm familiar with an hour away. Apple support said that's fine.

Get permission to leave work early to get there for 5pm. Drive an hour, walk in. Oh, we can't unlock Macs, we need to charge you £50, we'll send it to Apple for you, you need to give us your Mac's password in plaintext in front of other customers and Apple will wipe the device clean.

Gee thanks Apple! Rapidly falling out with them! (I'm a Windows PC person anyway; this is only Apple PC I have).

Windows server of Indigo, Matt/Jay??


Sent from my iPhone using Tapatalk Pro