Someone Stole my Apple Account, Did Apple recover it?
A cautionary tale of abandoning old accounts.
I wrote this story as I experienced this. I hope it turned out entertaining and informational at the same time.
I’m doing my end-of-day wind-down session of checking emails and replying to messages when a new message pops up in my inbox.
Apple ID information updated? That’s strange. I haven’t changed anything in the past couple of months. So, I set out to investigate a bit further.
Okay... so my Apple ID and Email address were updated somehow? This sounds like a potential account takeover to me. Maybe the source of the email shows it’s a scam? Upon checking, I see that it came from appleid@id.apple.com. Really does seem legitimate.
Starting to sweat, I rush to my other computer and go to the login page. As you probably guessed at this point, it did not work. You might notice the little 1Password icon on the right for my password manager. The details were automatically pasted by it, so I knew I didn’t just “mistype” it.
As a last-ditch effort, I went over to the password recovery page. They may still have my email on the account, too.
After inputting my email and completing the captcha (on the third try), it showed that my “Apple ID is not valid or not supported”. It definitely is supported because it’s just an email address, so this means it is not valid.
Someone, indeed, has taken my account.
While waiting for customer support to connect to chat, I tried to find out what could have happened. I hit up my old friend haveibeenpwned.com. It’s a great tool to determine if your information has been exposed to any data breach by major online service providers.
After hitting enter, the background changed from calming blue and grey to bright red. My email address, alongside a hash, was exposed in 2020.
Not only was it exposed, but the password hash was MD5. MD5 was used extensively before 2005, but it is cryptographically broken, and because it is a fast hash built for speed rather than for password storage, recovering the original password from the hash is not trivial, but not too difficult either. So, my password was protected by a weak hashing scheme from almost 20 years ago.
This account also had the old security questions as another protection step. Unfortunately, the nature of these questions is that the answers are the same for a person on every service that asks them, so once they are exposed in one breach they can be used against all of that person’s other accounts.
As a last step, I got to Apple support, which connected me to the chat session surprisingly quickly. I won’t paste the entire conversation because it’s long, but I’ll share some highlights.
I shared some information about myself, then the contents and screenshot of the email, and subsequently an image of me trying to log in.
They went through the usual steps and questions like:
- Did you share your information with anyone?
- Did you get an account recovery email recently?
- Did you lose an Apple device recently?
All of these are great questions, to be honest, but in my case, I'm afraid it’s not that simple. Then came the bomb from the support member:
“Apple can’t undo unauthorized changes to any account nor delete, deactivate, or lock an Apple ID on any customer’s behalf.” To me, this message sounds like: “We could do something, but we won’t.”
There is no way they don’t have internal logs about changing the email address to a new one. Realistically, how many things could have happened in the following scenario?
- An account email is changed to another.
- A person from the original email complains about their account being stolen.
I don’t see too many other reasons for this. Maybe I’m wrong, though. Leave a comment if you think otherwise!
This situation is already bad enough, but in the end, they recommended a great life hack for me!
See? It’s not all bad, after all! Since they changed my email address, I can create a new account with it! Yay! After telling this truth bomb, they just... left after about 3 minutes, during which time I was still in awe.
I know it’s great fun to complain about how bad some customer support services are, but in this case, I can only think of one word:
So, in conclusion. What should I really say?
This was one of the older accounts that I made as a teenager. I have learned a lot since then, and here are some things you can do better than I did:
- Use a password manager and use unique passwords for all sites.
- Check semi-regularly whether your passwords have been compromised, and update them if they have (password managers help here).
- Always use the newest multi-factor authentication methods available, and if you are still stuck on an old one (like I was), update manually to a new one on accounts you care about.
And here is what sites such as Apple can do better. Losing an account for many people might mean they will never engage with your services again, especially if they contain historical data or, in my case, my bank card information. It would have been simple to check that an account existed with my previous email; it also had my name on it, which I can easily prove by showing my ID or getting into a call.
You just have to care.
Thank you for reading; I hope you learned something and nothing like this will happen to you.
Cheers!