Sarai Hannah Ajai Hacking Incident Report for the VERIZON ACCOUNT, APPLE ECOSYSTEM, AND HOME-NETWORK MIDCO COMPROMISES
VERIZON ACCOUNT, APPLE ECOSYSTEM, AND HOME-NETWORK MIDCO COMPROMISES
Prepared by: Sarai Hannah Ajai
Hacking Incident Report
Updated Through: March 31, 2026
Location: 2432 20th Ave. S. Apt 205, Fargo, North Dakota
I. Executive Overview (Updated Through March 31, 2026)
This updated incident summary extends the documented timeframe through March 31, 2026 and reflects a continuing pattern of suspected unauthorized access attempts, credential interference, authentication instability, and repeated defensive recovery actions affecting my Verizon account, Apple ecosystem devices, and home-network environment. This update builds directly on the prior report framework that had already documented the continuing pattern through February 28, 2026, including the January 2026 router replacement and the February and March 2026 cross-platform activity.
As previously documented, I replaced my prior ASUS RT-AX1800S router with a Netgear Nighthawk Dual-Band Router WiFi 7 in January 2026, yet the pattern of security-sensitive resets, passcode changes, PIN changes, and device-password changes continued afterward. The prior report had already identified this post-replacement continuity as significant because it reduced the likelihood that the overall pattern could be explained solely by one router credential issue or one local misconfiguration.
The newly attached March 2026 worksheets materially strengthen that same pattern. Based on the March records provided, the activity continued across multiple categories at once, including:
- Verizon iPhone 17 account password changes
- Verizon iPhone 17 account PIN changes
- Verizon voicemail code changes
- iPhone 17 passcode changes
- iPhone 17 Screen Time passcode changes
- Apple Watch Series 7 PIN changes
- iPhone 17 cellular eSIM PIN changes
- Apple Mac Mini M1 iCloud / ecosystem password changes
- Apple Mac Mini M1 device-only password changes
- Apple iPad Air M3 device-only password changes
The March worksheets appear to show 28 date-stamped March incident rows, with several tracked categories also reflecting 28 entries, while Mac Mini M1 iCloud and device-only password categories reflect 26 entries, and the iPad Air M3 device-only password category reflects 25 entries. Using the same workbook methodology as the prior report, March 2026 therefore appears to add 28 logged credential reset / recovery entries to the documented timeline.
II. Updated Quantitative Summary of Logged Credential Reset / Recovery Events
Month-by-Month Worksheet Totals
Using the same forensic workbook methodology described in the prior report, the updated month-by-month totals now appear as follows:
Month | Logged Credential Reset / Recovery Entries |
May 2025 | 24 |
June 2025 | 30 |
July 2025 | 39 |
August 2025 | 30 |
September 2025 | 23 |
October 2025 | 29 |
November 2025 | 29 |
December 2025 | 30 |
January 2026 | 27 |
February 2026 | 19 |
March 2026 | 28 |
Total (May 2025 – March 2026) | 308 |
The prior report established a total of 280 entries through February 28, 2026.
With the March 2026 worksheet added using the same row-count approach, the updated documented total is now 308 logged reset / recovery events.
Interpretation
This updated total further strengthens the inference that the activity documented in the workbooks reflects persistent compromise pressure, not ordinary security maintenance. The significance of March 2026 is not merely that another month of entries exists, but that the March 2026 material appears to show repeated multi-category defensive changes occurring during the same month across carrier credentials, device credentials, passcodes, PINs, and Apple ecosystem authentication layers.
In practical terms, the March 2026 material appears to document repeated defensive changes affecting:
- Verizon iPhone 17 account password
- Verizon iPhone 17 account PIN
- Verizon voicemail code
- iPhone 17 passcode
- iPhone 17 Screen Time passcode
- Apple Watch Series 7 PIN
- iPhone 17 cellular eSIM PIN
- Apple Mac Mini M1 iCloud / ecosystem password
- Apple Mac Mini M1 device-only password
- Apple iPad Air M3 device-only password
I am not treating blank or unpopulated March columns as proof of activity where the March worksheet pages do not visibly show completed entries. Accordingly, although the worksheet layout includes fields for iPhone 17 About Name and iPhone 17 Wi-Fi, I do not rely on the March pages as proving populated March changes in those categories unless separately documented elsewhere.
III. Device and Account Scope (Expanded Through March 2026)
The prior report already documented that the security impact extended beyond a single device and affected a broader Apple and telecommunications environment, including the iPhone 11, iPhone 17, Apple Watch Series 7, Mac Mini M1, Apple iPad Air M3, Verizon account controls, voicemail, eSIM controls, and the home LAN / Wi-Fi environment.
The March 2026 material further supports that same ecosystem-wide scope. The newly attached March 2026 entries show that the continuing activity was not confined to one phone or one account surface. Instead, it continued across:
- Verizon account layer
- account password
- account PIN
- voicemail authentication
- iPhone 17 device layer
- device passcode
- Screen Time passcode
- cellular eSIM PIN
- Apple accessory and companion-device layer
- Apple Watch Series 7 PIN
- Apple computer and tablet layer
- Mac Mini M1 iCloud / ecosystem password
- Mac Mini M1 device-only password
- iPad Air M3 device-only password
This continuing cross-platform pattern materially strengthens the conclusion that the incident history is ecosystem-wide, spanning carrier account controls, Apple trust-chain relationships, local passcodes, PINs, and home-network-adjacent security settings rather than a single isolated credential problem.
IV. Updated Technical Environment
The prior report described the technical environment as follows: Midcontinent Communications ISP, Netgear Nighthawk CM1200 modem, Netgear Nighthawk Dual-Band Router WiFi 7 replacing the prior ASUS RT-AX1800S, with the Mac Mini M1 connected by Ethernet and mobile devices using hybrid Wi-Fi and cellular connectivity.
That technical description remains materially relevant here. The continuing March 2026 activity is significant because it occurred after the January 2026 router replacement already discussed in the prior report. As previously noted, that continuity makes a one-router-only explanation less persuasive and remains more consistent with one or more of the following conditions:
- credential or session misuse at the carrier-account layer;
- repeated re-authentication pressure involving Apple ID / iCloud or related Apple trust relationships;
- persistence affecting one or more devices independently of the January router swap;
- SIM / eSIM provisioning interference or related cellular account-layer manipulation;
- broader multi-surface account interference not resolved by replacing local networking hardware.
This remains a forensic inference, not a final attribution statement.
V. March 2026 Analysis (Newly Added Update)
March 2026 is a material extension of the incident timeline.
If February 2026 established that the pattern remained active across several surfaces at once, March 2026 shows that the same pattern did not stop. Instead, the March records indicate a sustained sequence of repeated security-sensitive changes across Verizon controls, device passcodes, Apple Watch controls, eSIM controls, Mac Mini M1 passwords, and iPad Air M3 password events.
Key March 2026 indicators visible from the attached worksheets
The March pages appear to show the following category totals:
- Verizon iPhone 17 changed password: 28
- Verizon iPhone 17 changed PIN: 28
- Verizon voicemail code time change: 28
- iPhone 17 passcode changed: 28
- iPhone 17 Screen Time passcode: 28
- Apple Watch 7 PIN: 28
- iPhone 17 Settings Cellular eSIM PIN: 28
- Apple Mac Mini M1 ecosystem / iCloud password: 26
- Apple Mac Mini M1 device-only password: 26
- Apple iPad Air M3 device-only password: 25
Why March 2026 matters
March 2026 materially strengthens several conclusions:
1. Persistence
The pattern continued into yet another month after the January router replacement and after the concentrated February activity already documented in the prior report.
2. Breadth
The activity simultaneously touched:
- carrier-account controls,
- voicemail controls,
- iPhone passcode and Screen Time controls,
- Apple Watch PIN controls,
- cellular eSIM controls,
- Mac Mini M1 credentials, and
- iPad Air M3 credentials.
3. Cross-device continuity
The March worksheets show the continued overlap of phone, watch, computer, and tablet security events within the same month.
4. Operational burden
The number and repetition of the March entries indicate an ongoing need to re-secure multiple systems, preserve access, and maintain account control through repeated manual actions.
5. Evidentiary value
March 2026 is important because it does not merely add one more isolated incident. It extends the same documented pattern into a new month with a substantial incident count and continued multi-category overlap.
In plain terms, March 2026 appears less like routine maintenance and more like an additional month of repeated defensive credential rotations across an already stressed digital environment.
VI. Federal Statutes Potentially Implicated
The prior report identified several federal statutes that may be relevant if substantiated by provider logs, forensic review, or investigative findings, including:
- 18 U.S.C. § 1030 — Computer Fraud and Abuse Act
- 18 U.S.C. § 2511 — Interception of Electronic Communications
- 18 U.S.C. § 1028 — Fraud and Related Activity Involving Authentication Information
- 18 U.S.C. § 2261A — Repeated Electronic Harassment / Cyberstalking
- 47 U.S.C. § 222 — Carrier Duty to Protect Customer Proprietary Network Information
- 47 C.F.R. § 64.2010 — Carrier authentication and CPNI safeguards
The March 2026 additions do not change the legal framework already identified in the template. They strengthen the factual basis for preservation requests, provider review, and formal escalation by showing that the suspected interference pattern continued through another documented month.
VII. Forensic Indicators (Strengthened Through March 2026)
The continuation of events through March 31, 2026, further strengthens the following forensic indicators already identified in the prior report:
- persistent reset cadence across many months;
- multi-surface impact affecting carrier credentials, voicemail, Apple ecosystem authentication, local-device passcodes, eSIM controls, and Apple companion devices;
- evidence more consistent with account-layer or multi-surface interference than with one forgotten password or one isolated endpoint issue;
- continued compromise indicators after router replacement;
- expanding and sustained overlap across iPhone, Apple Watch, Mac Mini M1, iPad Air M3, and Verizon account-control layers.
These indicators still do not by themselves prove a specific actor or technical method. They do, however, support continued preservation, provider review, and escalation.
VIII. Methodology (Updated Data Sources)
The prior report explained that the counts were derived from forensic Excel workbooks and related records, with each qualifying entry corresponding to a date-stamped row documenting one or more security-relevant changes.
That same methodology has been applied here. The updated totals now include:
- May 2025 through November 2025
- December 2025
- January 2026
- February 2026
- March 2026
For March 2026, I used the same row-based worksheet method reflected in the prior report. Based on the attached March pages, the month appears to contain 28 date-stamped incident rows, which is why March 2026 is added here as 28 logged reset / recovery entries. Category-specific March totals are reported separately where visible on the worksheets.
IX. Evidentiary Significance
This report is intended to preserve a factual pattern, not to speculate beyond what the records reasonably support. The updated record is significant because it now shows:
- repetition across eleven months of documented activity;
- continuity after defensive actions and hardware changes;
- overlap across multiple systems rather than one isolated credential problem;
- measurable operational burden and repeated account-control disruption; and
- a continuing basis for requesting preservation and access-review records from Verizon, Apple, and related providers before retention windows expire.
The updated record may be compared against:
- Verizon account-access logs
- Verizon PIN-reset records
- Verizon voicemail access logs
- eSIM provisioning or modification records
- Apple ID sign-in history
- trusted-device history
- password-reset history
- support case records
- IP/session metadata
- device serial, activation, and re-enrollment history
X. Harm and Impact
The repeated password changes, PIN changes, passcode changes, and device-security interventions have substantially interfered with my ability to maintain stable use of my Apple devices, Verizon services, and home-network environment. The prior report already documented the practical harm caused by these recurring disruptions, including time expenditure, instability, and impaired confidence in trusted-device relationships.
The March 2026 additions materially increase that harm profile by extending the same pattern into another month and showing that the operational burden remained active across several devices and account layers at once.
The harm includes:
- repeated disruption to ordinary device and account use;
- continual time expenditure to restore or preserve access;
- repeated forced defensive credential rotations;
- instability across phone, watch, tablet, and computer trust relationships;
- increased difficulty maintaining ordinary continuity across communications, account access, and cloud-linked services.
This was not a trivial inconvenience. It reflects a prolonged instability affecting systems I rely upon for communication, records, daily access, and digital security.
XI. Main Complaint or Declaration
You can drop the following replacement language directly into a larger complaint, declaration, affidavit, or agency filing:
“Between May 1, 2025 and March 31, 2026…”
“Total Recorded Reset/Recovery Events: 308 entries (May 2025 – March 2026).”
“March 2026 alone reflects approximately 28 logged reset or recovery entries, with repeated activity documented across Verizon account credentials, voicemail authentication, iPhone 17 passcode and Screen Time controls, Apple Watch Series 7 PIN controls, iPhone 17 cellular eSIM PIN settings, Apple Mac Mini M1 iCloud and device-only passwords, and Apple iPad Air M3 device-only password events.”
“The March 2026 records materially strengthen the conclusion that the suspected interference pattern remained active after the January 2026 router replacement and continued across multiple devices and account layers rather than one isolated credential surface.”
XII. Conclusion
Based on the documented records now extending through March 31, 2026, the overall pattern remains consistent with a prolonged course of suspected unauthorized access attempts, authentication interference, credential instability, or related digital compromise activity affecting my Verizon account, Apple ecosystem devices, and home-network environment.
The updated total of 308 logged reset / recovery events from May 2025 through March 2026, together with the repeated March 2026 activity across Verizon controls, iPhone 17 security controls, Apple Watch PIN controls, eSIM controls, Mac Mini M1 credentials, and iPad Air M3 password events, materially strengthens the conclusion that this was not ordinary security maintenance.
Instead, the record reflects repeated defensive actions taken in response to continuing compromise indicators across multiple interconnected systems.
The facts documented here justify:
- formal evidence preservation;
- provider log review;
- regulatory or investigative escalation where appropriate; and
- continued treatment of this matter as a serious digital-security incident with potential federal implications under the statutes and carrier-protection duties already identified in the prior report.
XIII. Printed Name Block
Prepared by:
Sarai Hannah Ajai
Comments
Post a Comment