Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Mike Boreham

macrumors 68040
Aug 10, 2006
3,904
1,894
UK
Log into your Apple ID on a desktop browser and see what devices are still associated with the ID. I too have bought and sold several Apple devices, but sometimes I forget to disassociate them with my Apple ID account. Worth a try.

I think OP has said (twice) that he has already done this.

OP, as others have said, the location of the attempts is less important than the fact that they are not associated with anything you have initiated. The location shown for my logins which require 2FA is always inaccurate.
 

j-a-x

macrumors 68000
Original poster
Apr 15, 2005
1,566
285
Houston, Texas
Might have a keylogger on your pc/Mac so they've got your newly changed password?

What's the best way to check on whether there's a key logger? My windows PC is my work machine and corporate IT manages the anti virus type stuff so it's probably clean but I don't do anything special to secure my Mac.
 

j-a-x

macrumors 68000
Original poster
Apr 15, 2005
1,566
285
Houston, Texas

Mike Boreham

macrumors 68040
Aug 10, 2006
3,904
1,894
UK
I do believe Apple only has the 4 digit 2FA, right? Or is there another way? As far as I can see I can only enable the 4 digit 2FA that uses your phone number.

Apple 2FA sends a six digit code direct (not SMS) to all the trusted devices. The Phone number/SMS method is only used by choice if no trusted devices are available.
 

ovo6

Cancelled
Sep 10, 2015
828
435
You don't need to change your password it's impossible to hack you if u have two factor on. They don't have your phone but someone definitely trying something

Edit: ok u do need to change it cuz some how they know it but they still can't access ur account
 

dictoresno

macrumors 601
Apr 30, 2012
4,515
658
NJ
for what its worth, I was getting this same issue a few months ago. I was getting prompts on my phone while at work for a 2FA log in attempt from Atlanta (I'm in NJ). I too got worried and changed my Apple ID and spoke to Apple about it. They said there were zero issues with my account and no fraud taking place. I think the whole Atlanta thing was due to me being on Verizon, and maybe their server was located in Atlanta. When I'm home and log into my account, it tells me an attempt is being made from a town 15 miles away, likely where my ISP routes to. After I changed my Apple ID password, the issue stopped however I don't think it was necessary but a good precaution.

I think it was the phone itself or iCloud/Apple ID having technical issues which caused this. looked bad at first, but was easily explained away. if you wanna try to help your situation, log out of all Apple ID stuff and back in again. it will probably go away.
 

electronicsguy

macrumors 6502a
Oct 12, 2015
570
251
Pune, India
geo-location is not perfect. esp. if accessing over 3g/LTE. Many a times, I've had a IP shown in gmail login activity as using my account from California, when i was sitting in Michigan. (and no, my account wasn't hacked or anything). if the notification comes as soon as you have logged in from a new device or a device from which you recently cleared cache, cookies, etc. - then it's probably safe even though the location shown maybe wrong.

you didn't mention if you're using any proxy servers, VPN, to access websites.
 

j-a-x

macrumors 68000
Original poster
Apr 15, 2005
1,566
285
Houston, Texas
geo-location is not perfect. esp. if accessing over 3g/LTE. Many a times, I've had a IP shown in gmail login activity as using my account from California, when i was sitting in Michigan. (and no, my account wasn't hacked or anything). if the notification comes as soon as you have logged in from a new device or a device from which you recently cleared cache, cookies, etc. - then it's probably safe even though the location shown maybe wrong.

you didn't mention if you're using any proxy servers, VPN, to access websites.

No proxy no vpn and no, login activity was NOT correlated with the notifications. They happened at random times and were not associated with me logging in anywhere.

Strangely I haven't gotten any more of these notifications since I posted this.
 

electronicsguy

macrumors 6502a
Oct 12, 2015
570
251
Pune, India
No proxy no vpn and no, login activity was NOT correlated with the notifications. They happened at random times and were not associated with me logging in anywhere.

Strangely I haven't gotten any more of these notifications since I posted this.
well then ignorance is bliss as they say!
 
  • Like
Reactions: j-a-x

Tech198

Cancelled
Mar 21, 2011
15,915
2,151
Since I turned on "two-factor authentication" I get a few messages per day saying people are trying to log in as me, usually from the Los Angeles area (I live in Texas). I assumed that meant somebody had my password because I don't think it gets to the point of asking you for the verification code until you get the password right. So I changed my password a few days ago, but I still keep getting these messages. Sometimes 3 or 4 times per day it asks me to validate a login attempt in California and I say no.

I am wondering what's going on here. Is somebody trying to hack me? Does somebody know my new password? Am I correct that they have to get the password right before the notice pops up on my iPhone asking me to validate a new login with a security code?

Is there anything else that could be generating these odd login attempts?

Maybe they saw this thread and stopped :)
 
  • Like
Reactions: j-a-x

xraydoc

Contributor
Oct 9, 2005
11,001
5,470
192.168.1.1
No proxy no vpn and no, login activity was NOT correlated with the notifications. They happened at random times and were not associated with me logging in anywhere.

Strangely I haven't gotten any more of these notifications since I posted this.
3rd party service that you've given access to your iCloud credentials, perhaps?
 

j-a-x

macrumors 68000
Original poster
Apr 15, 2005
1,566
285
Houston, Texas
3rd party service that you've given access to your iCloud credentials, perhaps?

Maybe. Actually I gave appFigures.com my credentials a long time ago but since I cancelled my subscription it shouldn't have been auto checking my account. Also I changed my iCloud password and appFigures had an out of date password. iCloud doesn't seem to trigger a notification until the correct password is entered so I don't see how app figures could be the culprit BUT the day I deleted my credentials on app figures is the same day the notifications stopped.
 

cswifx

Suspended
Dec 15, 2016
563
180
Maybe. Actually I gave appFigures.com my credentials a long time ago but since I cancelled my subscription it shouldn't have been auto checking my account. Also I changed my iCloud password and appFigures had an out of date password. iCloud doesn't seem to trigger a notification until the correct password is entered so I don't see how app figures could be the culprit BUT the day I deleted my credentials on app figures is the same day the notifications stopped.

It's suspicious that a website would try to log into your iCloud account, you should stop using the service or contact their support staff.
 

j-a-x

macrumors 68000
Original poster
Apr 15, 2005
1,566
285
Houston, Texas
It's suspicious that a website would try to log into your iCloud account, you should stop using the service or contact their support staff.

Well it's supposed to be design. But only if you subscribe. It logs into your iTunes connect account using your Apple ID to download stats related to how your apps are performing in the App Store. It's a well respected site.
 

jackedint

macrumors newbie
Oct 24, 2012
23
2
something is going on with Apples 2FA when doing an account recovery request.... the process / systems are backed up over a month+ (according to Apple Support via phone today)
 

myname70

macrumors 6502a
May 5, 2014
630
81
I had similar issue and found it was because of my AppleTV 3. Try to log off from your appletv and switch it off for a day to see if the issue will diaper
 

j-a-x

macrumors 68000
Original poster
Apr 15, 2005
1,566
285
Houston, Texas
Today I again (for the first time since I started this thread) had somebody attempt to login as me. This time it was from the Seychelles islands. This was definitely not related to me logging in anywhere (I was reading Apple News at the time in Texas). I assume that since I got the dialog telling me the location of the login attempt it means somebody must have my password (I can't believe it because I just changed it recently and my new password is very very secure and random). This is really making me unhappy but I am very happy I am using 2 factor authentication because there's basically no way they can actually log in as me even with my password. Not sure what to do because I just changed my password and a few weeks later I get another login attempt. I guess I need to scan my mac for key loggers and other spyware? I've never taken the possibility of having a virus seriously on my Mac but maybe I will now...

IMG_1659.PNG
 
Last edited:

electronicsguy

macrumors 6502a
Oct 12, 2015
570
251
Pune, India
While it's very possible that someone keeps getting your password and is trying to login from the Seychelles, take the location shown with a bag of salt: http://www.itandcoffee.com.au/blog/ipad-iphone-shows-access-from-wrong-location

Wrong geo-location is a fact of life, happens all the time when an actual GPS is not being used. Now as far as your case goes, it's possible that the sign-in attempts are due to real persons, or a 3rd party service somehow linked to your apple id.

Unfortunately, Apple is not going to be of much help. If you want to see if someone is using a keylogger on your computer, one way of course, it to use a good anti-virus suite. Another way would be to try and trick them.

Create another apple-id with a non-related password and use that temporarily to sign in onto all your devices. Then in the next few days, see if you still get these sign-in attempts. If yes, then someone is definitely snooping on you.
 
  • Like
Reactions: ABC5S

Pug72

macrumors 68020
Mar 18, 2012
2,265
2,218
England
I've had this too here in the UK.
Quite as lot recently, changing my password seems to have helped for now.

The log in attempts were no where near where any of my Apple devices are.



Interesting that an AppleTv 3 has been mentioned as I gave my daughter one to use at her place.
I'll talk to her about it if it happens again.
 

j-a-x

macrumors 68000
Original poster
Apr 15, 2005
1,566
285
Houston, Texas
While it's very possible that someone keeps getting your password and is trying to login from the Seychelles, take the location shown with a bag of salt: http://www.itandcoffee.com.au/blog/ipad-iphone-shows-access-from-wrong-location

Wrong geo-location is a fact of life, happens all the time when an actual GPS is not being used. Now as far as your case goes, it's possible that the sign-in attempts are due to real persons, or a 3rd party service somehow linked to your apple id.

Unfortunately, Apple is not going to be of much help. If you want to see if someone is using a keylogger on your computer, one way of course, it to use a good anti-virus suite. Another way would be to try and trick them.

Create another apple-id with a non-related password and use that temporarily to sign in onto all your devices. Then in the next few days, see if you still get these sign-in attempts. If yes, then someone is definitely snooping on you.

Well regardless of where, somebody was trying to log into my iphone from somewhere, and that person is not me (like I said I was reading the news when it happened, not logging in).

I might also add that every time I have logged in somewhere myself and used two-factor to complete the login process, it has shown the correct location.
 

electronicsguy

macrumors 6502a
Oct 12, 2015
570
251
Pune, India
Well regardless of where, somebody was trying to log into my iphone from somewhere, and that person is not me (like I said I was reading the news when it happened, not logging in).

I might also add that every time I have logged in somewhere myself and used two-factor to complete the login process, it has shown the correct location.

When I'm surfing on my laptop, the mailbird app is checking mail in the background. I don't have to actively be using icloud services for 3rd party app to make those requests. just 2 cents.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.