SIGforum
Mac guys – beware the iCloud

This topic can be found at:
https://sigforum.com/eve/forums/a/tpc/f/320601935/m/5130059994

April 08, 2023, 08:57 AM
Pipe Smoker
Mac guys – beware the iCloud
Last Tuesday I had the Safari browser open on the county assessor’s web site to pay my 2nd half property tax.

A small window popped up stating that some services would be limited unless I entered my Apple credentials. I did so, and saw a small box that I could check to get my MacBook backed up via iCloud. That seemed to be a good thing, so I checked it, closed the pop-up, then made my property tax payment.

When I closed the browser window I saw, to my horror, that every document on my desktop was gone. Vanished. And I subsequently discovered that every user-created document on my MacBook was gone. Years of work and history lost.

Off to the Apple Store. I took my Time Machine backup disks so I could get all restored. The genius told me that there must have been an iCloud glitch (no shit, Sherlock?). He said he wouldn’t need the backup disks because he could restore the documents from the cloud. That took a long time, but an hour later I headed home.

At home, the very first app I tried, emacs, failed to launch properly because a file required by my ~/.emacs file was missing. Highly likely that many other files were missing too.

Wednesday – back to the Apple Store. An hour and a half wait for another genius. Genius conceded that a restore from my Time Machine backup disk would be better than the iCloud restore. Three hours later I headed home. All seemed to be fully restored, until…

Thursday – I tried to log in to my admin account. Couldn’t. No, I hadn’t forgotten my password. If I had entered an incorrect password I would’ve been prompted to try again. But no, my Mac just locked up. A power-off reset was the only way to get it running again.

Friday – back to the Apple Store. They have no clue. I know far more about Unix, the foundation of macOS, than any “genius” there. I’ll have to fix the admin account problem myself.

Beware the iCloud.



Serious about crackers.
April 08, 2023, 09:35 AM
oddball
I have never used any outside server services to store my important files. I have used Box to store some copies of work documents, PowerPoint files, etc., with the originals in my desktop, but never with photos, music, financial files, etc. That kind of stuff is backed up into an external drive, updated several times every month. Plus for really important files (finance, wills, etc.), I have paper backups as well, and a USB drive off site as well.



"I’m not going to read Time Magazine, I’m not going to read Newsweek, I’m not going to read any of these magazines; I mean, because they have too much to lose by printing the truth"- Bob Dylan, 1965
April 08, 2023, 09:53 AM
6guns
quote:
A small window popped up stating that some services would be limited unless I entered my Apple credentials....


Is that normal?




SIGforum: For all your needs!
Imagine our influence if every gun owner in America was an NRA member! Click the box>>>
April 08, 2023, 09:57 AM
downtownv
Didn't you have a hard back up anywhere?


_________________________
https://www.facebook.com/reel/2177215486049695
April 08, 2023, 10:15 AM
bcereuss
Sounds like phishing.
April 08, 2023, 10:27 AM
smschulz
Looks like you fell for a phishing scheme by clicking on a website you thought was legit.
Then compounded the issue by following their instructions without thinking.
Ruh row.
April 08, 2023, 07:46 PM
sjtill
If you entered your Apple ID login info to a piece of malware that popped up on your browser, you may well have opened everything on your Mac to exposure.

I have had a Mac since 1984 through every iteration of hardware and software; I've never had that message pop up legitimately from Apple. I have had multiple varieties of malware ask me to enter various credentials; and my wife frequently asks me about questionable things that pop up from "MacKeeper" and the like.

I am definitely not an expert in cybersecurity and do not know whether this event could open your personal financial data to identity theft and the like.


_________________________
“Remember, remember the fifth of November!"
April 08, 2023, 08:53 PM
ensigmatic
quote:
Originally posted by smschulz:
Looks like you fell for a phishing scheme by clicking on a website you thought was legit.
Then compounded the issue by following their instructions without thinking.
Ruh row.

Sad to say, but, this ^^^^^

Or his county's tax assessor's web site is compromised.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
April 08, 2023, 09:19 PM
x0225095
You got phished.

That stinks for sure.


0:01
April 08, 2023, 11:09 PM
SigSAC
I'd recommend you change your iCloud password IMMEDIATELY from another device. If the recovery didn't write over the WHOLE drive, wipe it and then reinstall all of your apps and files afterwards.

It is possible they got your iCloud username and password, and you might have been to a fake iCloud site.
April 09, 2023, 07:32 AM
Scooter123
This should be more a warning about clicking on popup "reminders" totally unrelated to what you are doing. Because odds are excellent to 100% that those helpful "reminders" are in fact links to some very nasty malware.


I've stopped counting.
April 09, 2023, 08:00 AM
sigalert
If you have an iPhone with two-factor authentication, you'll get a notification that someone is trying to use your iCloud password, and it gives you a six-digit verification code.

Do you use an iPhone?





“Crisis is the rallying cry of the tyrant.” – James Madison

"Keep your fears to yourself, but share your courage with others." - Robert Louis Stevenson
April 09, 2023, 09:13 AM
ensigmatic
quote:
Originally posted by SigSAC:
I'd recommend you change your iCloud password IMMEDIATELY from another device.

Not just that. If he was phished, and it sure looks that way, and his files grabbed: Anything and everything that contained credentials information that was in the files on that computer.

I don't even like to think of the fallout of somebody getting a copy of my encrypted keyring (aka: password safe/manager).

quote:
Originally posted by Scooter123:
This should be more a warning about clicking on popup "reminders" totally unrelated to what you are doing.

I was avoiding pointing that out, because he's got enough trouble as it is, but, yeah.



April 09, 2023, 09:34 AM
6guns
Why didn't the "geniuses" at the Apple store mention this?




April 09, 2023, 09:34 AM
snoris
Man, I hate to hear this happened to you.

FWIW, I heard so many warnings about never clicking on anything popping up on my screen that I immediately X on any balloon that comes on the screen. I turned off all automatic notifications long ago, and only back up to iCloud manually.

I did get fooled once, but fortunately got everything back.

I mainly use a Western Digital 2 TB drive that I use as Time Machine. When I do back up on the Cloud, I do it on the WD drive first.
April 09, 2023, 09:42 AM
Bytes
quote:
Originally posted by ensigmatic:
Not just that. If he was phished, and it sure looks that way, and his files grabbed: Anything and everything that contained credentials information that was in the files on that computer.

Very good advice right there. It will be a pain in the ass to do, but you need to go through all your stuff right now. Chances are very good that a bad guy is, and not manually but electronically.
April 09, 2023, 10:35 AM
kkina
I think I just got this same alert about entering my iCloud information just now. But it was on my PC, not my Mac. At any rate I remembered this thread and just cancelled it.



ACCU-STRUT FOR MINI-14
"Pen & Sword as one."
April 09, 2023, 11:15 AM
Pipe Smoker
quote:
Originally posted by smschulz:
Looks like you fell for a phishing scheme by clicking on a website you thought was legit.
Then compounded the issue by following their instructions without thinking.
Ruh row.

I don’t think so. I just changed my Apple account PW, like this:

On my iPhone:
Settings => Update Apple ID Settings

Saw: “Some account services will not be available until you sign in again” Did that.

Then:
Settings => [Me] => Password & Security => Change Password

Entered new PW and chose: “Sign out other devices”. Signed out.

Then I successfully logged in to:
appleid.apple.com
Using my new PW. I don’t think I could’ve done that if my Apple account had been hacked.



April 09, 2023, 11:21 AM
Pipe Smoker
quote:
Originally posted by downtownv:
Didn't you have a hard back up anywhere?

Of course I did. See my OP:
“Off to the Apple Store. I took my Time Machine backup disks so I could get all restored.”



April 09, 2023, 11:32 AM
Balzé Halzé
quote:
Originally posted by Pipe Smoker:

A small window popped up stating that some services would be limited unless I entered my Apple credentials. I did so, and saw a small box that I could check to get my MacBook backed up via iCloud.


That is a straight-up phishing scam.


~Alan

Acta Non Verba
NRA Life Member (Patron)
God, Family, Guns, Country

Men will fight and die to protect women... because women protect everything else. ~Andrew Klavan