We’ve recently had quite a few run-ins with Macs that have been coming into the South Burlington location with either iCloud lost mode active, a firmware passcode active, or a combination of both. While this is usually used as a personal security measure if a device is lost or stolen, this recent surge has been the malicious kind.
In my experience working with Apple for a few years, the devices themselves are not being “hacked” but rather the user’s accounts are being hijacked by thieves or money-hungry “hackers” in an attempt to collect money from the account holder. The only way out of this lock is to either pay the thief and hope they give access back OR be able to provide proof of purchase for your device. If you’re lucky, at least for iOS device users, you can verify your identity with AppleCare directly and regain access to your account and iOS device. But the Macs are a different story, as they often include what’s called a firmware passcode. The firmware passcode cannot be bypassed without providing a proof of purchase to an Apple Store or an Authorized Apple Service Provider, such as ourselves.
The way the thieves manage to take control of the iCloud account associated with the Mac or iOS device is by gaining access to the associated email address, then resetting the password for the Apple ID, then logging in to the iCloud website with the newly stolen credential. They do this in such a way that most people wouldn’t know that it had even happened until it was too late, and they were locked out of their Macs or iOS devices. The accounts I’ve seen hijacked have all been accounts that did not have either two-step authentication or two-factor authentication active. The thief will then activate lost mode on their devices, with a message attached along the lines of, “To regain access to your account, email me at johnnyrotten@madeupemail.com!” They will then ask to be paid in a form of currency called “Bitcoin” rather than using some form of traditional payment before giving back the account.
There is no telling when or where this sort of “hack” may happen, but there is an easy way to make sure the account is secure: setting up two-factor authentication for your Apple ID account. You can do this by following the instructions on Apple’s own website, in the article “Two-factor authentication for Apple ID.” If you do find yourself stuck in a situation like this, make sure to first change your main email password to lock the attacker out. Make sure to change any account passwords associated with that email as well (such as banking). I’ve posted the links to articles below to further educate you on the uses of iCloud Lost Mode and Firmware Lock.
Stay safe out there, and keep your accounts on lockdown so this doesn’t happen to you!