Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

So it happened - My Apple ID was compromised

EugW

EugW

macrumors P6
Original poster
Jun 18, 2017
15,659
13,853
Earth (for now)
I woke up early this morning to an email notification that someone had signed into iCloud using my gmail account. However, as I was asleep, obviously it wasn't me. I jumped out of bed and reset my Apple ID password, reset my security questions, turned on 2-factor authentication (yes, yes I know I should have done that earlier), and checked my account.

The device that logged in was an iPhone 5 with FindMy turned off. Nothing was done to the account aside from turning on iCloud Backup, but there was no activity even in iCloud Backup. Fortunately, this is an email I never use for the Apple ecosystem but which I had registered as a secondary Apple account. (I already had 2-factor authentication active for my primary Apple account.) On this secondary account, there were no files, no personal data, no mail, no photos, and no payment info. I couldn't check if they had sent anything through iMessage though since AFAIK there is no way to check that online.

I don't think my gmail account itself was compromised, as it already requires 2-factor authentication and I didn't get any login notifications, but nonetheless I changed the password on that account too.

I wonder how they got into my Apple ID. I'm thinking someone may have guessed my security questions, although I suppose they could have somehow bruteforced the password. Overall, it wasted a couple of hours of my time. Could have been worse I suppose.
 
  • Wow
Reactions: max2 and KaliYoni
Was the email actually from Apple or was it possibly a phishing attempt to get you to think it had been compromised and taking action through their website by signing in with your previous credentials?

It sounds like you took the correct action and updated the password through legitimate channels, instead of simply signing in.
 
mjs916 said:
Was the email actually from Apple or was it possibly a phishing attempt to get you to think it had been compromised and taking action through their website by signing in with your previous credentials?

It sounds like you took the correct action and updated the password through legitimate channels, instead of simply signing in.
Click to expand...
It was a legit Apple email from apple.com - noreply@email.apple.com - and there was no phishing link. The only link provided was https://appleid.apple.com as you can see below:

Apple email said:
Your Apple ID (xxx) was used to sign in to iCloud on an iPhone 5.

Date and Time: xxx

If you have not recently signed in to an iPhone 5 with your Apple ID and believe someone may have accessed your account, go to Apple ID (https://appleid.apple.com) and change your password as soon as possible.

Apple Support
Click to expand...
I did not use that email link to access my accounts either. Instead I googled the Apple ID login page and went from there. Furthermore, when I did log in, there was an unknown iPhone 5 listed under my devices. I do actually have an iPhone 5, but the IMEI listed was different from the iPhone 5 that I own, and I shouldn't have had any devices listed on that secondary account anyway.
 
Last edited:
EugW said:
turned on 2-factor authentication
Click to expand...
This is a must in this day and age. Hopefully you got things sorted out.

I don't mind Apple's 2FA's authentication. I like how it provides the location of the device trying to log into my account.
 
maflynn said:
This is a must in this day and age. Hopefully you got things sorted out.

I don't mind Apple's 2FA's authentication. I like how it provides the location of the device trying to log into my account.
Click to expand...
The really big problem with Apple’s implementation is that it’ll send the 2FA code to the device that’s being used to access the account. It’s not actually two factor authentication at all.
 
chrfr said:
The really big problem with Apple’s implementation is that it’ll send the 2FA code to the device that’s being used to access the account. It’s not actually two factor authentication at all.
Click to expand...
It is 2FA. 2FA is simply something you know and something you have. It does not mean the second factor should be a different device than where the known factor is being used.

Apple sends the code to all your trusted devices. It won't send it to a new/unknown device that's trying to sign into your account. If one loses a trusted device, they should be putting it into Lost Mode or wiping it remotely so that others can't get into it.

It's no different than trying to sign into Gmail on your phone, where your Google Authenticator app is also installed to get the code. Or your bank texting you a code to the same phone where you signed into the banking app.
 
Last edited:
  • Like
Reactions: kitKAC
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back