Compromised Apple ID ?

Tried to access some apple services today only to be told that my ID had
been suspended for securuty reasons.

Had to change the password.

According to the FAQ on the password change web site, it is apparently
because someoe tried to access my account to many times.

Just curious if others experienced this recently or if I would have some
targeting this at a very narrow group of users ?

I take it it is impossible for us to get logs of those attempts to find
out where they came from ? (or when they were made) ?

JF Mezei <> wrote:

> Tried to access some apple services today only to be told that my ID had
> been suspended for securuty reasons.
>
> Had to change the password.
>
> According to the FAQ on the password change web site, it is apparently
> because someoe tried to access my account to many times.
>
> Just curious if others experienced this recently or if I would have some
> targeting this at a very narrow group of users ?
>
> I take it it is impossible for us to get logs of those attempts to find
> out where they came from ? (or when they were made) ?

I get notifications of attempts to change my password quite often,
always accompanied by an assurance "not to worry" if it wasn't me. Looks
like the last one was... let's see... 9 days ago, and one 3 days before
that, another 15 days before that, etc. That's just one of the many,
many reasons I greatly dislike the App store (and I make sure that it
does not have any valid credit card data for me).

A few years ago, my id was disabled for too many attempts. I just made a
new id, that being before the App store. I remember wondering why anyone
was bothering. At the time, the id had no real value at all: no money,
licenses, personal data (well, none that was real), or anything you'd
think anyone would care about. Just an easily created and easily
abandoned id tha I needed to download free developer stuff on fairly
rare occasion. But I still got people trying to access it regularly.

--
Richard Maine | Good judgment comes from experience;
email: last name at domain . net | experience comes from bad judgment.
domain: summertriangle | -- Mark Twain

Richard Maine wrote:

> I get notifications of attempts to change my password quite often,
> always accompanied by an assurance "not to worry" if it wasn't me.


I've had an Apple ID for years and this was the first time I got such a
problem. But if this is supposed to be common, then I know it wasn't
targetted especially at me.


Perhaps it wasn't so smart for Apple to use an email address as username.

On 2012-02-26 00:57 , JF Mezei wrote:
> Tried to access some apple services today only to be told that my ID had
> been suspended for securuty reasons.
>
> Had to change the password.
>
> According to the FAQ on the password change web site, it is apparently
> because someoe tried to access my account to many times.

Damn! They're on my trail!
Damn.

Sorry about that - next time I'll try not to break in too many times.

> Just curious if others experienced this recently or if I would have some
> targeting this at a very narrow group of users ?

English please.

> I take it it is impossible for us to get logs of those attempts to find
> out where they came from ? (or when they were made) ?

Ask Apple (you should have a pretty good idea where that will go.

They won't release logs because for all they know *you* (the requestor)
were also the person "testing" the defenses and the logs may reveal
something about their defenses. And sanitizing the logs is just too
much to ask for and would, in any case, render them useless to you as well.

--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.

On Sun, 26 Feb 2012 03:50:59 -0500, JF Mezei wrote:

> Richard Maine wrote:
>
>> I get notifications of attempts to change my password quite often,
>> always accompanied by an assurance "not to worry" if it wasn't me.
>
>
> I've had an Apple ID for years and this was the first time I got such a
> problem. But if this is supposed to be common, then I know it wasn't
> targetted especially at me.
>
>
> Perhaps it wasn't so smart for Apple to use an email address as
> username.

There are plenty of systems out there which use the email address as the
username. Perhaps Apple is doing you a favour by reporting failed login
attempts where the other services don't?

It's my guess that someone is hoping to come across a paid version of an
Apple Developer account, and the download goodies such as the Mountain
Lion preview that you can get with one of those.



--
Paul Sture

On 2012-02-26 03:50 , JF Mezei wrote:
> Richard Maine wrote:
>
>> I get notifications of attempts to change my password quite often,
>> always accompanied by an assurance "not to worry" if it wasn't me.
>
>
> I've had an Apple ID for years and this was the first time I got such a
> problem. But if this is supposed to be common, then I know it wasn't
> targetted especially at me.
>
>
> Perhaps it wasn't so smart for Apple to use an email address as username.

It also points to an organized attack using lists that are widely available.

I use a relatively strong pw for sites like that, but I think I'll
increase the PW entropy a notch.

--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.

In article <1kg1olx.gjigqf1p09v2N%>,
ure (Richard Maine) wrote:

> I get notifications of attempts to change my password quite often,
> always accompanied by an assurance "not to worry" if it wasn't me. Looks
> like the last one was... let's see... 9 days ago, and one 3 days before
> that, another 15 days before that, etc. That's just one of the many,
> many reasons I greatly dislike the App store (and I make sure that it
> does not have any valid credit card data for me).

You don't like it because it is secure enough to keep strangers from
accessing your account?

-- Michelle

--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.

In article <4f49f273$0$20224$c3e8da3$ om>,
JF Mezei <> wrote:

> > I get notifications of attempts to change my password quite often,
> > always accompanied by an assurance "not to worry" if it wasn't me.
>
> I've had an Apple ID for years and this was the first time I got such a
> problem. But if this is supposed to be common, then I know it wasn't
> targetted especially at me.

I have never had it happen to me, and I've had that Apple ID for longer
than I can remember.

--
Tea Party Patriots is to Patriotism as
People's Democratic Republic is to Democracy.

On 02-26-2012 03:50, JF Mezei wrote:
> Richard Maine wrote:
>> I get notifications of attempts to change my password quite often,
>> always accompanied by an assurance "not to worry" if it wasn't me.
>
> I've had an Apple ID for years and this was the first time I got such a
> problem. But if this is supposed to be common, then I know it wasn't
> targetted especially at me.

I've had one for over ten years and have never received such a warning.
So maybe some somewhere doesn't like Richard. Or thinks Richard has
something worth hacking for.

> Perhaps it wasn't so smart for Apple to use an email address as username.

Whenever (often) some outfit wants e-mail address to double as login, I
always create a new one and never use it for anything else.

Send one e-mail to a Windows user (or have someone else forward one of
yours to a Windows user, and the viruses and spammers begin spreading
that address everywhere.

--
Wes Groleau

Heroes, Heritage, and History
http://UniGen.us/webtrees

On 2012-02-26 13:49 , Wes Groleau wrote:

> Whenever (often) some outfit wants e-mail address to double as login, I
> always create a new one and never use it for anything else.
>
> Send one e-mail to a Windows user (or have someone else forward one of
> yours to a Windows user, and the viruses and spammers begin spreading
> that address everywhere.

I use one particular e-mail address for login signups. (with a few
exceptions).

Appropriately it is

I log in there only to finish a new account sign up. I ignore whatever
else is there.

--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.