when you end up with someones iphone (or mac or ipad or whatever) and you want to wipe it, the computer needs you to enter the credentials of their icloud account. it tells you whose icloud credentials you need, just like having the username entered but asking for the password.

icloud usernames can be used to send imessages to the owner of the account, like you could call someone with their phone number or IM them with their screen name.

the idea is that a thief ought not be able to just wipe and repurpose a stolen device but a gifted or purchased device should provide a method to contact the person so the new owner can wipe it.

it works pretty good because if a local thief contacts you trying to get you to let them have your device you can call the cops and you already have a line of contact with the person who has the stolen goods so the police can’t even say “yeah whatever, we don’t care, its gone heres some tissues” and it’s very easy to track them down. it also works great if you buy a used device from someone and they won’t clear it to wipe because if you have a transaction record like on ebay or facebook marketplace or something you can also go to the authorities and say “hey, i bought this, here’s proof, and the person i bought it from won’t relinquish ownership of it”

what happens now is thieves ship a bunch of phones off to somewhere outside the juristiction of the victims governments and then they break em down to be sold for parts. now there’s nothing the authorities can do and the thieves accomplices can try to socially engineer the victims into giving them what they want with impunity.

that’s whats happening in the linked article, the victim is being harassed by whoever bought their phone from a thief.

Oh it could be better for sure. But he’s got access to all the messages and data, getting a number at that point is probably trivial.