1. raveenjain's Avatar
    I bought an Apple Ipad Pro at the Apple Store and I logged in with my apple id at the store.
    I did not have my other registered device, which was an iphone, with me while I was travelling in USA.
    It asked me for a verification code sent to my other device, but since I did not have access to it, I could not enter it.
    A couple of minutes later I got an email from Apple saying that my registered other device phone number has been changed.
    A few minutes later I got another email that my date of birth has been changed.
    I tried logging in through the web, but it would ask me for the verification code or the new other device phone number. But since this had changed, there was no way it would let me go through.

    I logged a case with Apple support but they claimed that they were unable to help and I would need to provide the changed phone number or else they could not verify my identity.

    On coming back to India I see another device added to Find My Phone under the name Ayaan Khan. I am worried because this hacker would now be accessing all my phone data, my icloud data and could also be using my credit card associated with the apple id. I logged another case with Apple support when I came back to India a few days later and again they could not do anything in the absence of the new phone number. I put an Erase on this other device of Ayaan Khan through find my phone app. Apple would not help at all.

    When I try logging in with my apple id, it lets me go through the 1st step if I use my original password and then it ask me the verification code. If I put an incorrect password it would not let me proceed saying incorrect password.

    I still have access to the email associated with the apple id and the credit card details associated with the apple ID are still mine. I argued that a my email and my credit card would be a more secure way for verifying my id because they are more secure than a phone device. Apple insist that the only way they can verify my identity is if I give them the other device phone number. It is crazy that my id verification is restricted to a mere device that can be lost or stolen and accessed by almost anybody. And in case I happen to lose this, all my personal / business data and my finances are at the risk of being used by a hacker.

    It is very surprising that the hacking happened from an Apple Store, which would mean their network is compromised.
    The hacker changed the phone number which means that the Two Factor Authentication is not as secure and has loop holes.
    Apple ID is solely dependent on the other device which is the least secure device as it can be stolen, lost or accessed by anybody when left alone for a few moments.
    Apple needs to add the email security also to its apple id authentication. Email are not mobile and would be more secure.

    I have lost complete trust in the Apple Two Form Authentication and would request help on this.
    05-26-2016 05:38 AM
  2. Just_Me_D's Avatar
    Apple is correct. You have to follow their set protocols in order for them to verify your identity. There's nothing we can do for you regarding this matter.
    Laura Knotek and libra89 like this.
    05-26-2016 07:40 AM
  3. SprSynJn's Avatar
    I'm confused. How did someone change your phone number and date of birth utilizing the code you sent to your phone? Wouldn't that mean that your phone had been stolen and the thief had access to that phone? By that I mean they'd have to either know your pass code or use your finger to unlock it.
    BreakingKayfabe and qbnkelt like this.
    05-26-2016 10:37 AM
  4. kch50428's Avatar
    Two Factor Authentication A Huge Risk & Highly Insecure
    Bovine processed feed grains. You know not of what you speak.
    05-26-2016 10:49 AM
  5. raveenjain's Avatar
    Apple is not correct. A mobile device is vulnerable to theft or misuse if left unattended and it is insecure.
    For two factor authentication an email verification is more secure but is not included. Accepting just p[hone number and not an email ID is incorrect.

    For whatever reasons which I don't understand, my apple id has been compromised. It is for apple to find out how it happened.
    05-27-2016 02:27 AM
  6. raveenjain's Avatar
    Even I am baffled.
    You would need the apple id password and the verification code both.
    I had the sim card of the registered device with me at that time, but not in the phone as I was using a US sim card at that time.
    Why would a message go to another phone - a carrier mistake ???
    And then how would he have access to my apple id password.

    There has to be some loop hole.
    05-27-2016 02:31 AM
  7. qbnkelt's Avatar
    Huge story.
    You left your phone behind in India and sent a code to it from an Apple store in the US. And you set up some complex set of circumstances to back you your bombastic claim about alleged iPhone vulnerability.
    The issue is an easy one.
    User error.
    Not every piece of this fantastical story has been told.

    Try again.
    kch50428 likes this.
    05-28-2016 05:38 AM
  8. robertk328's Avatar
    2FA is a great security step -- I have it on any account I can, and use Authy to open the apps when asked
    05-28-2016 07:24 AM

Similar Threads

  1. Duronic brackets are a sturdy, affordable option for mounting two displays
    By iMore.com in forum iMore.com News Discussion
    Replies: 0
    Last Post: 05-25-2016, 02:51 PM
  2. Race Illegal: High Speed 3D
    By Herocraft_Games in forum iPhone Apps & Games
    Replies: 2
    Last Post: 05-25-2016, 11:21 AM
  3. AT&T offers more data for the same price on its high-speed GoPhone plans
    By iMore.com in forum iMore.com News Discussion
    Replies: 0
    Last Post: 05-24-2016, 05:12 PM
  4. Two iPad Pro's
    By yoshimiya08 in forum iPad Pro (12.9-inch)
    Replies: 6
    Last Post: 05-22-2016, 09:54 PM
  5. Replies: 1
    Last Post: 05-20-2016, 12:28 AM