I thought I was safe.  My online accounts all have long random passwords, and I use 2-Step Authorization whenever its available.   And I’m security minded, in these times of rampant online scams, which I’ve become familiar with through the numerous scams my client’s have either fallen prey to or suspected, and called me for help.

It turns out, my efforts at protecting myself with good security was not good enough.  While my Apple iCloud account has never been hacked, because I use their 2-Step Authorization and have a long random password, from first hand experience I have seen the result of a friend’s iCloud account being hacked. And how that effected me.  My friend did not have Apple’s 2-Step Authorization enabled on his iCloud account, and had a fairly simple password.  The thief obtained all my friend’s contacts, text messages, and text message photos. Armed with my friend’s contacts, the thief proceed to impersonate my friend and contacted some of his friends via text message pretending to be him.  Eventually, the thief contacted me via text message, impersonating my friend. I was unaware of my friend’s Apple ID hack.  But I was suspicious of a fraud:  I questioned my “friend” why his phone number was different. He explained it was because he lost his phone, wanted to change his number anyway due to bothersome people, and then provided a very smooth continuation of previous conversations my real friend and I had had via text messages, and provided recent pictures of my real friend. In other words, the thief “adopted” my friends interests and concerns by reading his previous text messages. Since I had never considered such a scenario for a scam, it was 2 days before I figured out I was being played, when this “friend” asked for information that he should already know. A simple voice call to my real friend verified my suspicion. Had I not detected this, the thief could have obtained valuable information from me for perpetrating his fraud against my friend. In addition, during the 2 days of text messages with this “friend” he obtained some information about me. Luckily, nothing critical, but his intention was to also perpetrate fraud against me: by creating a fake Instagram account called “randyweberxcellentmacintosh”.  I finally got Instagram, now owned by Facebook, to remove that account after having my attorney contact them.   The moral of the story is, enable Apple’s 2-Step authorization if you use iCloud on your devices and if you value your friend’s and family’s sanity and identity.

Though someone hacking into your Apple iCloud account my not concern you much, it could be detrimental to one or more of your family and friends. If anything, I hope people learn from my troubling experience.

Many of my clients resist using Apple’s 2-Step authorization mechanism for their Apple ID & iCloud because it’s either too complicated or too bothersome. 2-Step Authorization prevents anyone from logging into your Apple ID, iCloud, or iTunes account (which are all the same thing), even if they know your password, without providing a unique 6 digit number that is sent to your iPhone, or another of your Apple products using your Apple iCloud account, when another device attempts to log in for the first time. While a person may not particularly care if someone hacks their Apple account, consider this: if a hacker logs into your Apple account they will have access to your contacts, text messages, and photos, if you have those enabled in your iCloud setting.