What to do if your iPhone or iCloud gets hacked
Criminals don't always target high profile accounts. Phishing, scams, and social engineering can be used for purposes from identity theft to fraud and access to your employer’s database. The type of information a criminal can steal -- as well as the technology through which they can steal -- have radically changed over the years. Most specifically the threats, information types, and technology currently targeted are cloud-based, and via mobile devices, which can be intercepted, tracked, or stolen.
There’s a huge grey area between cyber-criminals and white-hat hackers, who are usually hired by big tech companies to spot and report encryption and security flaws. Hackers aren't always geniuses, but it’s a common misconception that often prevents both regular users and companies from taking the right measures to prevent cyberattacks or respond appropriately. The truth is that insecure data is relatively easy to hack.
Anybody can be a target to hackers, and the impact of being hacked can be far-reaching, including:
- identity theft
- data breaches
- loss of money or valuables
- blackmail threats
- reputation damage
- release of sensitive information
Hacking, phishing, and data theft can be avoided as long as the target knows how to protect themselves. And as much as we love helping users recover their data with iPhone Backup Extractor, we’d rather help you to avoid a data breach situation in the first place.
To keep your data safe, we wrote up a comprehensive article on how to protect your iPhone, Photos and iCloud account, and another on how to prevent companies from legally harvesting your data.
What to do if you’ve been hacked
If you’ve been hacked, you'll need to follow these steps:
-
Contact the police. If someone claims they've stolen your data or tries to blackmail you, it's likely a criminal offence. If someone is bullying your child online or has tried to get in touch with them in any way, contact the police and offer them all the data required. Ask your child whether they gave away personal data (address, family members’ name, school) and do your best to understand the full scope of the issue.
-
Take back your hacked account. The vast majority of online services have various protection methods to prevent users' from losing data or access to their accounts.
-
Check if the account recovery options have been modified. Hackers may use various recovery options to make sure they can regain access to your account. Remove any suspicious recovery methods and update your account recovery options.
-
Update your security questions associated with the hacked accounts.
-
Activate two-factor authentication (2FA) on your devices or on your credit card. Any hacking attempt will be blocked before the start if you implement this security feature.
Check all associated accounts. If you discover a hacked account and you change the password, this doesn’t mean your data is safe. You need to check all accounts associated with the hacked email because all of your associated accounts are vulnerable. For example, someone could access your cloud account if is associated with the hacked email. Make sure you also update these credentials. Similarly, if you use the same password for multiple accounts, change the password for all accounts that use this password, not just your hacked account.
-
De-authorize apps able to access these accounts. Sometimes an infected app is responsible for the hacking. By removing them or disabling the access to the hacked account you can avoid future hacks.
-
Block your credit card. If your credit card data has been exposed or if your account was used by a hacker, block it as soon as it possible. Based on a filed police report, your credit card can be blocked by your bank.
Once you've taken these immediate steps, look into protecting your accounts and devices from new hacking attempts.
How to recover your data after you've been hacked
If you've lost your data following a hack, there are a number of things you can try to get it back.
Data encrypted with some older ransomware software can be unlocked for free thanks to the efforts of law enforcement and the anti-virus industry. There is a list of tools at noransom.kaspersky.com. Be warned that some criminals sell supposed "unlocking" tools for a fee, or will offer a free tool that will just re-infect your computer, so only download software from a reputable source.
If the ransomware is not one for which there is an unlocking tool then you don't really have many options. If you have a backup of your data then the best option is usually to wipe your computer and restore from the backup.
Alternatively, if you have the System Restore (Windows) or Time Machine (macOS) options active, you can try to recover the encrypted data with a restore. On Windows, you can also try to retrieve your data using ShadowExplorer which is a tool that searches for shadow copies of your files and allows you to save them. This doesn't always work as newer ransomware will also seek out and delete the shadow copy backups as part of the infection process.
Whatever you end up doing, always make sure you have removed the malicious software by using an anti-virus program. If you try to remove the crypto-locker ransomware, you may lose all your encrypted data.
Conclusion
Many cybersecurity risks can be avoided with a little forethought. From clicking on an unusual link to offering data by mistake directly to hackers, your reputation, earnings, and safety could be at risk. Make sure you follow these recommendations to better protect yourself and your family.