7c0h

How my brother's iCloud account was stolen

My brother got his iPhone stolen at gunpoint. This is the story of how he lost control of his iCloud account first (along with years of priceless memories, including my nephew's first steps) and how this couldn't have happened without Apple's incompetent support.

But before that, a plea for help: if you know of anyone who can help us get the account back (or rather, the priceless photos locked inside) please get in touch with the links at the end of the article.

Part 1: Locked out of iCloud

The first thing the thieves did (after running away, of course) was change the phone number associated with the iCloud account. I do not know how they did this - it has been suggested that Apple will send a code to your phone, which the thieves obviously had. In any case, as soon as my brother tried to log into "Find my Phone" he was faced with a screen asking him to verify the phone number associated with the account, which was set to a number we do not recognize. It didn't matter that we still had the proper password for the iCloud account, nor that we still have control of the e-mail associated with the account. As far as Apple is concerned, if you don't know the phone number (which, again, the thieves changed) you cannot access your iCloud account. This is a known issue with iCloud security.

Next we got in touch with Apple, both via phone and Twitter. Phone support was useless, as all they would say was that they couldn't help us unless we knew the phone number. The closest I got to a victory was getting the phone representative to say out loud that she wanted me to provide the phone number the thieves gave, but that's about it. Even if we have the old phone number, the iCloud e-mail, the iCloud password, a police report and multiple IDs, Apple will not budge. Twitter support was even worse: after repeatedly asking them to read what I said two messages ago, I ended up getting this pointless, infuriating response:

We completely understand the concern with how important it is to have this resolved as soon as possible, and we were able to locate the cases from when you had previously reached out. Based on the information that you've provided, and the steps you and your brother have gone through, if your brother is unable to regain access to his Apple ID we would be unable to provide any additional methods to regain access to the account, and we would be unable to change the trusted phone number on the account. If you have any other questions or concerns regarding this issue, the best option would be to reach back out to our Apple ID experts at the link provided in our previous message (Note: that's the phone we called before).

Part 2: Losing iCloud for good

But the story gets even worse (better?). While we were stuck in phone support hell, my brother got a phishing SMS. He didn't recognize it as such, and lost the phone for good. The trick works like this: once you get a new SIM card (which the thieves can tell because the old one stops working) the thieves send you a phishing e-mail pretending to be from Apple. You follow the link, give your iCloud username and password, and now the thieves can unlock your iPhone and resell it. Crucially, this step only works because thieves know that Apple support will not help you: if Apple had been of ANY help then we would have recovered access long before the SMS and my brother wouldn't have followed the link.

According to Gizmodo (in Spanish) the next step would have been a phishing call with spoofed caller ID. But we will never know.

Sidenote: I reported both URLs (https://apple.iforgot-ip.info and https://apple.located-maps.info) to their hosting providers. Results have been mixed. PublicDomainRegistry.com (which belongs to Webhostbox) will not take down the hosting addresses unless they can see the phishing attack themselves (they won't check logs), but good luck getting a one-time link to work twice. UnifiedLayer.com was helpful, and I believe that GoDaddy revoked their domains.
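An added example (not part of the original post): a Python check that flags links like the two reported above, where "apple" is only a subdomain label and the registrable domain belongs to someone else. The allowlist, the brand-word list and the sample message texts are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as Apple-owned for this check.
APPLE_DOMAINS = {"apple.com", "icloud.com"}
# Assumption: hostname words that make a link look like an Apple sign-in page.
BRAND_TOKENS = {"apple", "appleid", "icloud", "iforgot", "findmy"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host):
    """Naive eTLD+1 (last two labels); production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def classify_link(url):
    """Return 'apple', 'impersonation' or 'other' for a single URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
        userinfo = (parts.username or "").lower()
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return "other"
    if registrable_domain(host) in APPLE_DOMAINS:
        return "apple"
    # Brand words in a subdomain, a hyphenated label, or the userinfo part
    # ("https://apple.com@host/") do not change who controls the site.
    tokens = set(re.split(r"[.\-]", f"{userinfo}.{host}"))
    return "impersonation" if tokens & BRAND_TOKENS else "other"


def scan_message(text):
    """Extract every link from a message body and classify it."""
    links = (m.group(0).rstrip(".,;:!?)") for m in URL_RE.finditer(text))
    return [(link, classify_link(link)) for link in links]


# Constructed sample messages; the two hostnames are the ones reported on this page.
SAMPLES = [
    "Your lost iPhone has been located. Sign in: https://apple.located-maps.info",
    "Apple ID locked. Verify at https://apple.iforgot-ip.info.",
    "Reset your password at https://iforgot.apple.com/ (constructed legitimate case)",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(scan_message(sms))
```

Because the allowlist only contains exact two-label domains, the naive registrable-domain split errs on the side of flagging: a host such as `apple.com.` followed by someone else's domain is never treated as Apple's.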

Part 3: No more Apple

The iCloud website promises "all your stuff — photos, files, notes, and more — is safe, up to date, and available wherever you are". You have now seen what "safe" means in this context: it will be in the cloud, yes, but that doesn't mean you'll have access to it.

The question now is: would my brother choose Apple again? An iPhone is not cheap in general, and in Argentina less so. The current price for an iPhone 13 is ca. 400.000 ARS, which roughly translates to 2200 USD or 1300 USD at the unofficial rate (it's complicated). With an average monthly salary of 427 USD (according to Numbeo) you can see that getting a new iPhone is not a choice to take lightly.

What will my brother do? Paraphrasing from a conversation we had: "if I could get my account back I could consider getting a new iPhone. But if I have to start from scratch then it doesn't make sense. If I can't get my data back I'll probably get an Android phone instead".

Part 4: Conclusion and next steps

I have not entirely given up, but I'm not keeping my hopes up either. We are currently looking into whether my brother's wife can get access to his files (they had some kind of shared access), whether his iWatch can be of any use (it was logged into the iCloud account), whether small claims court is likely to help (I know it would work in the EU but Argentina is trickier), and whether anyone in my extended network can reach someone at Apple who is not an AI (thanks for nothing, LinkedIn).

As for next steps, I will be gifting my family access to some cloud storage, but unless I can get a service with competent tech support I may end up setting up a cloud of my own. Hopefully the loss of my nephew's first steps will not be in vain.

Do you have any ideas? Do you work for Apple? Then send me an e-mail or get in touch on Mastodon or even Twitter.