And my phone was stolen out from my hands.

Within three minutes I was locked out of my own Apple ID

And within 24 hours I noticed that there were thousands of dollars being taken out of my bank

account.

People have been reaching out to me with stories like this lately.

Their iphones are stolen and all the protections and security,

they thought they had didn't matter bank account emptied credit cards

opened.

No more access to photos,

contacts and anything in their iCloud.

Their digital lives.

Gone.

How it all leads back to the theft of the iPhones.

Passcode,

it turns out that code that can unlock your phone can also help someone else

unlock your entire digital life.

You lose your phone,

you don't think about how you can lose everything else.

I'm a good Apple customer.

I back everything up to iCloud and I thought I would come back home

log in on my Macbook and everything just would be fine.

That's not what happens.

Once you take over someone's Apple I.

D.

It's game over for them.

After months of reporting,

I've been able to break down how these attacks are happening and how you can better protect

yourself at least until better protections exist

at a bar at night.

That's where many of these stories begin.

I was distracted and then the phone was gone.

He was next to me,

he grabbed the phone and then disappeared.

Rayon story is similar to many others in new york and around the country but it's

1300 miles away from new york that they've pinned down what's happening,

investigators say thieves worked together to steal phones,

then use apps to take hundreds of thousands of dollars in Minneapolis 12 people

have been charged in a phone robbery ring where nearly $300,000 had been

taken from at least 40 victims.

This is the arrest warrant for one of the people accused in that scheme.

It says the group targeted bar goers often by befriending them and then transferred

large sums of money via various financial apps on the stolen phones.

So I tracked down Sergeant Robert Illestschko,

the lead investigator on the case to find out more about how these thieves got

into the phones.

Do you think there's a chance you put in your path code that night?

Potentially.

Yeah.

And that's why the entirety of security cannot hinge on those six digits

similar crimes have been reported in Austin,

Denver boston and London and in new york.

Reagan is amongst hundreds of victims according to people familiar with the investigations.

Some victims in those cities say they believe they were drugged before their phone was taken When

I reached out to apple for comment,

here's what they said.

We sympathize with users who have had this experience and we take all attacks on our users

very seriously no matter how rare the thefts described are

uncommon and require multiple physical steps stealing a user's device is

not enough.

We will continue to advance the protections to help keep user accounts secure but

can an iphone passcode really unlock your entire financial and personal

life.

Let's pretend this is Reagan's iphone 13 pro max and the thieves observed the

passcode in every story I've heard the thieves very first step was to change

the Apple I.

D. Password to lock the owners out this way they could turn off find my

iphone so the phone couldn't be located.

You realize your phone has been stolen.

What do you what do you do next at the bar?

I log in to find my iphone on my friend's phone right away.

I wasn't able to do that because in three minutes that had

passed my Apple ID password which I'm absolutely sure of by the way

was changed to change the Apple I.

D. Password on an iphone.

All someone has to do is go to settings tap the iCloud name,

then password and security and change password.

Then you're prompted for.

Yes the iphones passcode input it and you can create a new pass

code for the Apple I.

D.

And the thief can then use that to turn off find my iphone with the pass code.

They can log the owner out of their other trusted devices like ipads and Macs.

Change the trusted phone number and add something called a recovery key,

adjusting all that can further lock you out of your account potentially

forever.

I've had my Macbook for way too long.

I'm almost embarrassed to say it on camera honestly and it's It's

locked out.

I tried every avenue through Apple support.

Then I realized the bank transactions and that's when it hit

me that this is way beyond just a petty phone theft after the Apple

account it's onto the money.

All eight of the victims I spoke with said they had thousands of dollars taken in the 1st 24

hours after the theft.

I saw that they transferred some money from my savings account to my checking account

and then took a whole bunch in the form of application.

You say a whole bunch how much?

About $10,000?

How do they get the money?

Reagan and others I spoke with had the passwords to their bank apps saved in.

Apple's built in password manager.

So when you go to a bank app the software tells you the password is saved.

All you need is a face I.

D. Scan or.

Yes the phone's passcode to get in.

And if the app requires a text message code to confirm it's really you well the thieves already

have your phone,

they go after other financial apps to Venmo coin based zell.

I've heard them all and they can use Apple Pay because that just needs the passcode

to.

So I got the email that An Apple card titanium has been approved in my

name.

And shortly afterwards I also got some receipts some charges of like

$5,000 thieves opened those Apple credit cards using a victim's social

security number which may be found in photos of documents stored on the phone.

What about Android?

Do you have a sense of why that is

that said the passcode can do a lot of the same in Google's operating system.

Most of the people who had their phone stolen,

got the money back by filing fraud reports with the banks and other financial

companies But some of them remain locked out of their apple accounts unable to

access years of photos,

notes,

contacts,

recordings and more.

I've been using um I cloud for 15 years

for them to store my memories and keep them safe

and they're all gone and being

told permanently that I've lost all of those memories have been very

hard.

An Apple spokeswoman said that the company's account recovery policies are in place to protect users from

unauthorized access to their accounts while reporting this story.

I've been really freaked out by all of this when you look at this board and see how a short

string of numbers can unravel your whole digital life.

You realize it's time to do something more at least until Apple figures out some

solutions to this vulnerability.

So I'm gonna ask you to do three things to protect yourself the same.

Three things I've done on my own iphone,

make your passcode stronger,

go to settings face I.

D. And pass code and make it at least six digits even better.

make it an alpha numeric code,

treat it like an A.

T. M.

Pin on some financial apps such as Venmo,

you can go to the app settings to enable additional passcode protection.

Just don't pick the same passcode as your phone.

Of course using face ID and touch I.

D. Will also help you avoid using your passcode in public.

Next rethink your password manager,

go to settings passwords and remove any passwords and login info to the

banks and other financial apps on your iCloud key chain.

For now you're better off with a third party password manager that requires a separate

password for access.

Finally delete photos with sensitive personal information.

Go to photos and delete images of your driver's license,

passport tax forms etcetera.

Keep them in a password protected third party password manager instead.

Yes there's more that you can do but there's also more that Apple can do to lessen the

power of the passcode,

which right now can unlock pretty much everything in your life.