Sarai Hannah Ajai Legal Incident Report for Unauthorized Access to Apple iCloud Account and Compromise of Hardware-Based Security Keys

INCIDENT REPORT

Unauthorized Access to Apple iCloud Account and Compromise of Hardware-Based Security Keys

Reporting Party: Sarai Hannah Ajai

Jurisdiction: Fargo, North Dakota

Account Context: Apple iCloud account associated with Apple iPhone 17 and Apple Mac Mini M1

Security Devices Involved: Two (2) Yubico hardware security keys enrolled as Apple Two-Factor Authentication (2FA) credentials

 

I. EXECUTIVE SUMMARY

This Incident Report documents a suspected unauthorized access event involving my Apple iCloud account and the unexplained failure of two independently configured Yubico hardware security keys protected by distinct Personal Identification Numbers (PINs). The incident resulted in a temporary lockout of my iCloud account on February 8, 2026, and raises serious concerns regarding potential compromise, interference, or unlawful access to protected electronic authentication mechanisms.

The nature of the incident is particularly concerning because hardware security keys, when properly configured, are designed to be resistant to remote compromise, credential theft, and replay attacks. The simultaneous failure of two security keys—each secured by separate PINs known only to me—raises unresolved questions about whether third parties obtained unauthorized knowledge of the PINs, interfered with authentication flows, or accessed protected systems in violation of federal law.

This report is submitted to preserve evidence, establish a formal record, and request appropriate investigation into whether criminal statutes governing computer fraud, electronic access devices, and harassment have been violated.

 

II. FACTUAL BACKGROUND AND TIMELINE

A. Security Key Enrollment History

1. On January 30, 2026, I lawfully purchased and enrolled two Yubico hardware security keys into my Apple iCloud account as part of Apple’s Two-Factor Authentication system.

2. Each security key was configured with its own unique four-digit PIN, specifically:

o Security Key A PIN: 4782 (Purple & Pink Pattern)

o Security Key B PIN: 1827 (Red Dots)

3. These PINs were never written down, shared, transmitted electronically, or disclosed to any third party.

 

B. Date, Time, and Method of Discovery

• Date of Discovery: February 8, 2026

• Approximate Time: Between 6:05 PM and 6:15 PM (local time)

• Method of Discovery:

I attempted to log into my Apple iCloud account on my Apple Mac Mini M1 using my Apple ID email and password, followed by Apple’s required Security Key Two-Factor Authentication process.

During this process:

• Each Yubico security key was inserted as prompted.

• The correct corresponding PIN was entered for each key.

• Despite correct entry, Apple’s system repeatedly displayed the error message:

“Failed to verify your identity. Try again.”

After repeated failures, my iCloud account was temporarily locked due to unsuccessful authentication attempts.

 

C. Account Recovery Actions

To regain access:

1. I authenticated directly on my Apple iPhone 17 using my six-digit device passcode.

2. I removed both Yubico security keys from my iCloud account.

3. I reset the four-digit PINs on both hardware security keys.

4. I re-enrolled the keys under:

Settings → Sign-In & Security → Two-Factor Authentication.

5. Following re-enrollment, I was able to successfully log back into my Apple iCloud account.

While access was restored, the root cause of the initial authentication failure remains unexplained and unresolved.

 

III. CORE SECURITY ANOMALY AND UNRESOLVED QUESTION

This incident presents a critical and unresolved security question:

How were two independent hardware security keys—each protected by separate PINs known only to the reporting party—rendered simultaneously unusable during authentication, absent user error or physical compromise?

Hardware security keys are expressly designed to prevent:

• Remote interception of credentials

• Phishing-based compromise

• Replay or man-in-the-middle attacks

The failure of both keys, in sequence, suggests one or more of the following possibilities:

• Unauthorized knowledge or inference of both PINs

• Unauthorized interference with authentication requests

• Compromise of device-level security controls

• Unauthorized access to the associated Apple ID or trusted device environment

Any of these scenarios would imply access or interference beyond ordinary user error and warrants investigation.

 

IV. ADDITIONAL SECURITY AND SAFETY CONCERNS

A. Unauthorized Device and Account Access Concerns

I am experiencing ongoing concerns regarding potential unauthorized access to:

• My Apple iPhone 17

• My Apple iCloud account

• My V*r*z*ncellular account associated with phone number (6**) ***-61**

I have never authorized any individual—including tenants, acquaintances, or family members—to:

• Access my devices

• Manage or monitor my cellular account

• Clone, mirror, or intercept my communications

• Possess or manage my authentication credentials or security keys

 

B. Residential Interference and Harassment Context

I believe I may be intentionally targeted by individuals within my residential building who have made unsolicited statements suggesting knowledge of or control over my mobile device. I do not personally know these individuals and have never shared credentials or access with them.

Additionally, I have experienced repeated, unwanted verbal statements of a sexual nature from a neighboring tenant. This conduct constitutes harassment and has materially contributed to my fear that my privacy, safety, and digital security are being intentionally violated.

Notably, I have observed that after changing passwords, PINs, or passcodes, suspicious behavior appears to resume within a short period of time, reinforcing concerns of unauthorized access or monitoring.

 

V. APPLICABLE FEDERAL STATUTES (NON-EXHAUSTIVE)

Based on the facts documented above, the following federal statutes may be implicated:

1. 18 U.S.C. § 1030 – Computer Fraud and Abuse Act (CFAA)

Prohibits intentional access to a protected computer without authorization, or exceeding authorized access, to obtain information or impair system integrity.

2. 18 U.S.C. § 1029 – Fraud and Related Activity in Connection with Access Devices

Governs unauthorized use or possession of authentication devices, credentials, or security mechanisms used to access protected systems.

3. 18 U.S.C. § 2511 – Interception of Electronic Communications

Prohibits intentional interception or attempted interception of electronic communications.

4. 18 U.S.C. § 2261A – Interstate Stalking and Harassment

Addresses patterns of conduct causing substantial emotional distress through electronic means.

5. 18 U.S.C. § 1028 – Identity Theft and Related Crimes

Applies where personal identifying information or authentication mechanisms are misused without lawful authority.

This report does not assert conclusions of guilt but documents facts sufficient to warrant inquiry under these statutes.

 

VI. EVIDENCE AND EXHIBITS

The following exhibits are preserved and available upon request:

• Exhibit A: Apple iCloud Two-Factor Authentication configuration evidence

• Exhibit B: Reset of Apple iCloud Two-Factor Authentication dated February 8, 2026, following lockout

 

VII. PURPOSE OF REPORT

This report is submitted to:

• Preserve an accurate factual record

• Document potential unauthorized access to protected systems

• Support future forensic, administrative, or law-enforcement review

• Protect the reporting party’s legal rights and digital security

I affirm that the statements herein are true and accurate to the best of my knowledge and belief.

 

Respectfully Submitted,

Sarai Hannah Ajai