iCloud got hacked, created new apple i.d. but what paid-for apps?

[silverlakerCA]

My data (including icloud.com email) was breached in both a T-Mobile hack and a VW one too. My icloud.com is now out on the dark web and I created a new apple i.d.

But... all the apps I've paid for are associated with the first icloud.com account. Is there a way to get them moved to the new apple i.d.?

The hack and subsequent 'your information is on the dark web' is maddening.

I would appreciate your advice.

 

[Bigwaff]

My data (including icloud.com email) was breached in both a T-Mobile hack and a VW one too. My icloud.com is now out on the dark web and I created a new apple i.d.

Your iCloud account was hacked or simply included in breaches? If included in breaches, change your iCloud password, you can change the email your iCloud account is associated with if you want, and you can review your trusted phone numbers and remove any you don't recognize. If your iCloud account was actually hacked and you no longer have access, other than contacting Apple support, I'm not sure there is much you can do other than sign out of iCloud on all your devices. Transferring your paid apps and subscriptions to another iCloud account is definitely an Apple support question.

 

[silverlakerCA]

Your iCloud account was hacked or simply included in breaches? If included in breaches, change your iCloud password, you can change the email your iCloud account is associated with if you want, and you can review your trusted phone numbers and remove any you don't recognize. If your iCloud account was actually hacked and you no longer have access, other than contacting Apple support, I'm not sure there is much you can do other than sign out of iCloud on all your devices. Transferring your paid apps and subscriptions to another iCloud account is definitely an Apple support question.

My icloud.com account was not hacked but rather my icloud email and my phone number. I got a new number and launched a new apple i.d. account. But I have apps I paid for under my old icloud.com account and don't want to lose them or have to repurchase them again.

 

[Arctic Moose]

My icloud.com account was not hacked but rather my icloud email and my phone number.

Please define “hacked”.

If you can still log in to your iCloud account, just change your password, make sure MFA is turned on (for bonus points get three hardware security keys and use them as your second factor) and turn on Advanced Data Protection.

There is no need to start a new account if you have full control of the old one!

 

[silverlakerCA]

Please define “hacked”.

If you can still log in to your iCloud account, just change your password, make sure MFA is turned on (for bonus points get three hardware security keys and use them as your second factor) and turn on Advanced Data Protection.

There is no need to start a new account if you have full control of the old one!

My data was breached in the recent 23andme and T Mobile hacks. My icloud email is on the dark web and it's somehow been compromised by some company - in the last 24 hours I've received USPS tracking confirmations for incoming packages that are not mine. USPS customer service will not tell me where these packages are going or who is the sender!

 

[Apple_Robert]

If your iCloud email is the same as your Apple ID used for purchases and you can still log in, just change your password to one that is very secure and turn on 2FA. I would also set up and use Yubikey support. That way, ion one can set up a new device on your account without first getting authenticated by the physical Yubi Key in your possession.

As to the UPS emails, those get sent to most people. That is just typical Phishing emails sent by criminals trying to trick someone into handing over their credentials.

 

[Arctic Moose]

My data was breached in the recent 23andme and T Mobile hacks. My icloud email is on the dark web and it's somehow been compromised by some company - in the last 24 hours I've received USPS tracking confirmations for incoming packages that are not mine.

You are not answering the question.

Do you, or do you not, have full control over the account?

I.e. can you log in, change password, add or remove phone numbers, change MFA methods, etc?

 

[circatee]

...as most have said above, if you have access to your account, change your details and setup MFA.
That's it.

 

[laptech]

I think the OP is getting confused between the word 'hack' and the word 'data breach'. Hack relates to a an account being physically compromised, an unknown actor (as the police like to call them) was able to log in to a user account using their log in credentials. The OP says this did not happen to their account.

It therefore means the OP suffered a 'data breach' meaning a company that holds identifiable information on the OP such as email, phone numbers, home address, was compromised. There was no need to create a new Apple ID, just changing the password on the existing account would have sufficed.

If the OP is not happy that their existing icloud email has been compromised and thus created a new Apple ID, the only way I know of of getting paid for app's transferred over to the new Apple ID is for Apple support to do it because the app's are assigned to the apple ID that was used to purchase them and transfer of paid apps from one Apple ID to another is not something the user can do. You will need to contact Apple support.

 

[AZhappyjack]

If the OP is not happy that their existing icloud email has been compromised and thus created a new Apple ID, the only way I know of of getting paid for app's transferred over to the new Apple ID is for Apple support to do it because the app's are assigned to the apple ID that was used to purchase them and transfer of paid apps from one Apple ID to another is not something the user can do. You will need to contact Apple support.

I don't know if Apple can transfer apps between appleIds, but I do know that as a matter of policy they do not (assuming that their systems even allow it).

 

[Arctic Moose]

I think the OP is getting confused between the word 'hack' and the word 'data breach'.

Agreed.

However, if the breach included both user name and password, and MFA was not enabled, it is still possible that access to the account has been lost.

 

[laptech]

Agreed.

However, if the breach included both user name and password, and MFA was not enabled, it is still possible that access to the account has been lost.

The only time I log into my apple ID account on my iphone is when I want to connect to the app store. If Network providers are saving EVERY ounce of data that goes through their servers then that is a problem government authorities need to sort out because doing so would violate a number of data protection laws in that a company can keep the registration information of it's customers but it cannot keep and log user names and passwords of accounts that people access through the mobile network.

If Apple were the ones that had the data breach then yes changing the apple id password is a must but from the likes of T-Mobile? then nope because otherwise people would be changing their email passwords, their banking passwords, credit card app passwords, bitcoin app passwords and so forth and so forth because all these type of apps login and password goes via the mobile network and if T-Mobile is saving this data and storing it and it is THIS data that was compromised then yes it becomes a major problem, a problem T-Mobile does not want because it would get massive amounts of law suits from customers claiming numerous accounts they held were compromised and asking how did the unknown actor/s (police use those names for a criminal they do not know the identify of) know the login name and password of email accounts, banking accounts and such forth. Like I said, if T-Mobile saves ALL the mobile traffic that goes through it's servers then yes it's a major major problem for T-Mobile if that data was ever compromised because that data should be being saved in the first place.

The ONLY login names and passwords the OP should be concerned about is that of his/her T-Mobile account and their 23andme account.

 

[Arctic Moose]

If Network providers are saving EVERY ounce of data that goes through their servers then that is a problem government authorities need to sort out because doing so would violate a number of data protection laws in that a company can keep the registration information of it's customers but it cannot keep and log user names and passwords of accounts that people access through the mobile network.

Your Apple ID credentials are encrypted in transit when you log in to any legitimate Apple service, so it is irrelevant what any service provider along the way does with the bytes traveling along the wire.

My point is, if your data has appeared in a breach and you are not entirely certain what the source was or what was included, it is not a bad idea to change your passwords and check your MFA settings. (Especially if you have reused passwords or password patterns, credential stuffing is a thing.)

 

[silverlakerCA]

I think the OP is getting confused between the word 'hack' and the word 'data breach'. Hack relates to a an account being physically compromised, an unknown actor (as the police like to call them) was able to log in to a user account using their log in credentials. The OP says this did not happen to their account.

It therefore means the OP suffered a 'data breach' meaning a company that holds identifiable information on the OP such as email, phone numbers, home address, was compromised. There was no need to create a new Apple ID, just changing the password on the existing account would have sufficed.

If the OP is not happy that their existing icloud email has been compromised and thus created a new Apple ID, the only way I know of of getting paid for app's transferred over to the new Apple ID is for Apple support to do it because the app's are assigned to the apple ID that was used to purchase them and transfer of paid apps from one Apple ID to another is not something the user can do. You will need to contact Apple support.

Thank you for capturing what I failed to explain by using hack instead of breach.
Yes, I spoke to Apple support and they said flat-out it's not possible.
So I'll need to download my iphotos library to an external drive for uploading into my new apple id account.
Same for documents.
And then there's changing all my family and friends, business resources, you name it.
It's a royal pain but it stems for a real serious issue.

Thanks again.

 

[Arctic Moose]

So I'll need to download my iphotos library to an external drive for uploading into my new apple id account.
Same for documents.
And then there's changing all my family and friends, business resources, you name it.

But do you really? If you are still able to access your old account there is no need to go through all that.

It's a royal pain but it stems for a real serious issue.

You have still not explained what exactly it is you perceive that the serious issue is.

Being included in a data breach does not necessarily need to mean anything at all. (I still successfully use e-mail addresses I have had for 30 years, and that have been included in many, many data breaches.)

 

[dasjati]

Thank you for capturing what I failed to explain by using hack instead of breach.
Yes, I spoke to Apple support and they said flat-out it's not possible.
So I'll need to download my iphotos library to an external drive for uploading into my new apple id account.
Same for documents.
And then there's changing all my family and friends, business resources, you name it.
It's a royal pain but it stems for a real serious issue.

Thanks again.

The thing is: No, you don't need to do any of this as others have already explained. Why do you ignore that?
There is absolutely no need to set up a new Apple ID. Zero.
If I had done this every time my email address showed up in a data breach, I would have probably collected like 30, 40 Apple IDs by now.
It is not necessary to do what you are about to do.

 

[shotts56]

Thank you for capturing what I failed to explain by using hack instead of breach.
Yes, I spoke to Apple support and they said flat-out it's not possible.
So I'll need to download my iphotos library to an external drive for uploading into my new apple id account.
Same for documents.
And then there's changing all my family and friends, business resources, you name it.
It's a royal pain but it stems for a real serious issue.

Thanks again.

As others have said, why on earth are you doing this ? You don't need to, just change your password.

Your email address will appear on the dark web many many times, that's just life. They cant do anything with it unless they have your password as well, which is why you should change it.

The fact you received a spam email has no relevance, you probably receive 50 a day and your email provider blocks most of them or routes them to spam. Occasionally one will get through.

Panic like you are doing and you are just giving yourself a lot of work, and stress, for absolutely no reason at all.~

 

[iHorseHead]

A bit of an off topic: When YouTubers used to promote that 23andme all the time a few years ago, I just knew that the data breach was coming and never even bothered.
I've lost trust on all companies ever since the Yahoo! incident.