Possible iCloud security loophole!

[scouser75]

Hi guys, I've noticed a possible security loophole in the way Apple notifies us when our iCloud account has been hacked or amended.

Tonight I changed my password for my iCloud. Even though I've setup a non Apple email address to notify me if such activity happens I was only notified on my iCloud email address. BUT NOT on my non Apple email address. So if I had been hacked I would not know anything if the hacker immediately deleted the email received on my hacked Apple email!! The hacker can then change my password in which case I am stuck and in trouble!

Is there a way I can be more secure where an email is received to my non Apple email address?

I have now setup 2 step verification. But want to be notified on my secondary email address of any suspicious activity.

 

[Apple_Robert]

Any time I have made changes to my iCloud account, I get notified on the iCloud account email, as well as the non-apple email address.

It is possible, that there was a glitch or some other problem with your secondary account email.

 

[Shirasaki]

My secondary address works perfectly fine for me. And I do not have 2 step verification or 2FA.

 

[flyinmac]

Has always worked for me. But I don't have an iCloud email address. I only use my gmail email with iCloud to log in and authenticate.

 

[scouser75]

Thanks guys. Could it be the fact that I use my .me email address to log in to iCloud?

Also can someone please give me a guide to setting up my secondary email address in case I've set it up incorrectl.

 

[Gav2k]

Thanks guys. Could it be the fact that I use my .me email address to log in to iCloud?

Also can someone please give me a guide to setting up my secondary email address in case I've set it up incorrectl.

Go to Appleid.com once logged In tap the account button and where it says contactable at select add more. One it loads add additional email addresses. Each address you add will get a security alert if there is an issue

 

[scouser75]

I just went and checked my account and I actually DO have a recovery email address setup. It's a Gmail account but I get no emails sent to this gMail account when I change passwords etc. I'm going to contact Apple later today. Somethung somewhere ain't right!

 

[C DM]

I just went and checked my account and I actually DO have a recovery email address setup. It's a Gmail account but I get no emails sent to this gMail account when I change passwords etc. I'm going to contact Apple later today. Somethung somewhere ain't right!

Well, a recovery email address isn't one that would get notifications, it's there just for recovery purposes basically.

 

[scouser75]

Go to Appleid.com once logged In tap the account button and where it says contactable at select add more. One it loads add additional email addresses. Each address you add will get a security alert if there is an issue

I already have that setup but still no emails go to the account.

I spoke to Apple just now and they said that if your account is hacked, or accessed from an unknown device, Apple WILL ONLY send an email to your Apple ID email address and NO OTHER email addresses.

I explained that if an account is hacked, the first thing the hacker would do is DELETE the notification email that account has been accessed and the customer would be none the wiser. She said that was Apple's way of doing things!!!

Very very very odd!

 

[Primejimbo]

I think if you delete an email, you have put another one in. And you get an email to both the new and old email.

Set up 2 factor authentication and be done with it.
https://support.apple.com/en-us/HT204915

 

[scouser75]

I think if you delete an email, you have put another one in. And you get an email to both the new and old email.

Set up 2 factor authentication and be done with it.
https://support.apple.com/en-us/HT204915

I don't understand. Please explain.

 

[scouser75]

On 2 factor authentication, if I set-up my mobile phone number, when logging on to another device should I receive an SMS? Reason I ask is I've set up my mobile number and when I tried to log in I didn't receive an SMS. I had to go into my iCloud account on my iPhone and then request a authorisations code directly on the phone and NOT via SMS.

AN hour in and still no SMS has arrived. And the mobile phone number has been verified.

 

[scouser75]

Guys I'm having some problems with 2 factor authentication on my Mac Pro. Every single time I log in to the Mac it's asking me for my authentication code. I've entered it correctly several times but after every shut/log off and start up it asks.

The same thing if I log into icloud from a Web browser from that machine. It asks for a code every time.

What have I done wrong?