Compromised Apple ID ?

Discussion in 'Apple' started by JF Mezei, Feb 26, 2012.

  1. JF Mezei

    JF Mezei Guest

    Tried to access some apple services today only to be told that my ID had
    been suspended for securuty reasons.

    Had to change the password.

    According to the FAQ on the password change web site, it is apparently
    because someoe tried to access my account to many times.

    Just curious if others experienced this recently or if I would have some
    targeting this at a very narrow group of users ?

    I take it it is impossible for us to get logs of those attempts to find
    out where they came from ? (or when they were made) ?
    JF Mezei, Feb 26, 2012
    #1
    1. Advertising

  2. JF Mezei <> wrote:

    > Tried to access some apple services today only to be told that my ID had
    > been suspended for securuty reasons.
    >
    > Had to change the password.
    >
    > According to the FAQ on the password change web site, it is apparently
    > because someoe tried to access my account to many times.
    >
    > Just curious if others experienced this recently or if I would have some
    > targeting this at a very narrow group of users ?
    >
    > I take it it is impossible for us to get logs of those attempts to find
    > out where they came from ? (or when they were made) ?


    I get notifications of attempts to change my password quite often,
    always accompanied by an assurance "not to worry" if it wasn't me. Looks
    like the last one was... let's see... 9 days ago, and one 3 days before
    that, another 15 days before that, etc. That's just one of the many,
    many reasons I greatly dislike the App store (and I make sure that it
    does not have any valid credit card data for me).

    A few years ago, my id was disabled for too many attempts. I just made a
    new id, that being before the App store. I remember wondering why anyone
    was bothering. At the time, the id had no real value at all: no money,
    licenses, personal data (well, none that was real), or anything you'd
    think anyone would care about. Just an easily created and easily
    abandoned id tha I needed to download free developer stuff on fairly
    rare occasion. But I still got people trying to access it regularly.

    --
    Richard Maine | Good judgment comes from experience;
    email: last name at domain . net | experience comes from bad judgment.
    domain: summertriangle | -- Mark Twain
    Richard Maine, Feb 26, 2012
    #2
    1. Advertising

  3. JF Mezei

    JF Mezei Guest

    Richard Maine wrote:

    > I get notifications of attempts to change my password quite often,
    > always accompanied by an assurance "not to worry" if it wasn't me.



    I've had an Apple ID for years and this was the first time I got such a
    problem. But if this is supposed to be common, then I know it wasn't
    targetted especially at me.


    Perhaps it wasn't so smart for Apple to use an email address as username.
    JF Mezei, Feb 26, 2012
    #3
  4. JF Mezei

    Alan Browne Guest

    On 2012-02-26 00:57 , JF Mezei wrote:
    > Tried to access some apple services today only to be told that my ID had
    > been suspended for securuty reasons.
    >
    > Had to change the password.
    >
    > According to the FAQ on the password change web site, it is apparently
    > because someoe tried to access my account to many times.


    Damn! They're on my trail!
    Damn.

    Sorry about that - next time I'll try not to break in too many times.

    > Just curious if others experienced this recently or if I would have some
    > targeting this at a very narrow group of users ?


    English please.

    > I take it it is impossible for us to get logs of those attempts to find
    > out where they came from ? (or when they were made) ?


    Ask Apple (you should have a pretty good idea where that will go.

    They won't release logs because for all they know *you* (the requestor)
    were also the person "testing" the defenses and the logs may reveal
    something about their defenses. And sanitizing the logs is just too
    much to ask for and would, in any case, render them useless to you as well.

    --
    "I was gratified to be able to answer promptly, and I did.
    I said I didn't know."
    -Samuel Clemens.
    Alan Browne, Feb 26, 2012
    #4
  5. JF Mezei

    Paul Sture Guest

    On Sun, 26 Feb 2012 03:50:59 -0500, JF Mezei wrote:

    > Richard Maine wrote:
    >
    >> I get notifications of attempts to change my password quite often,
    >> always accompanied by an assurance "not to worry" if it wasn't me.

    >
    >
    > I've had an Apple ID for years and this was the first time I got such a
    > problem. But if this is supposed to be common, then I know it wasn't
    > targetted especially at me.
    >
    >
    > Perhaps it wasn't so smart for Apple to use an email address as
    > username.


    There are plenty of systems out there which use the email address as the
    username. Perhaps Apple is doing you a favour by reporting failed login
    attempts where the other services don't?

    It's my guess that someone is hoping to come across a paid version of an
    Apple Developer account, and the download goodies such as the Mountain
    Lion preview that you can get with one of those.



    --
    Paul Sture
    Paul Sture, Feb 26, 2012
    #5
  6. JF Mezei

    Alan Browne Guest

    On 2012-02-26 03:50 , JF Mezei wrote:
    > Richard Maine wrote:
    >
    >> I get notifications of attempts to change my password quite often,
    >> always accompanied by an assurance "not to worry" if it wasn't me.

    >
    >
    > I've had an Apple ID for years and this was the first time I got such a
    > problem. But if this is supposed to be common, then I know it wasn't
    > targetted especially at me.
    >
    >
    > Perhaps it wasn't so smart for Apple to use an email address as username.


    It also points to an organized attack using lists that are widely available.

    I use a relatively strong pw for sites like that, but I think I'll
    increase the PW entropy a notch.

    --
    "I was gratified to be able to answer promptly, and I did.
    I said I didn't know."
    -Samuel Clemens.
    Alan Browne, Feb 26, 2012
    #6
  7. In article <1kg1olx.gjigqf1p09v2N%>,
    ure (Richard Maine) wrote:

    > I get notifications of attempts to change my password quite often,
    > always accompanied by an assurance "not to worry" if it wasn't me. Looks
    > like the last one was... let's see... 9 days ago, and one 3 days before
    > that, another 15 days before that, etc. That's just one of the many,
    > many reasons I greatly dislike the App store (and I make sure that it
    > does not have any valid credit card data for me).


    You don't like it because it is secure enough to keep strangers from
    accessing your account?

    -- Michelle

    --
    Tea Party Patriots is to Patriotism as
    People's Democratic Republic is to Democracy.
    Michelle Steiner, Feb 26, 2012
    #7
  8. In article <4f49f273$0$20224$c3e8da3$>,
    JF Mezei <> wrote:

    > > I get notifications of attempts to change my password quite often,
    > > always accompanied by an assurance "not to worry" if it wasn't me.

    >
    > I've had an Apple ID for years and this was the first time I got such a
    > problem. But if this is supposed to be common, then I know it wasn't
    > targetted especially at me.


    I have never had it happen to me, and I've had that Apple ID for longer
    than I can remember.

    --
    Tea Party Patriots is to Patriotism as
    People's Democratic Republic is to Democracy.
    Michelle Steiner, Feb 26, 2012
    #8
  9. JF Mezei

    Wes Groleau Guest

    On 02-26-2012 03:50, JF Mezei wrote:
    > Richard Maine wrote:
    >> I get notifications of attempts to change my password quite often,
    >> always accompanied by an assurance "not to worry" if it wasn't me.

    >
    > I've had an Apple ID for years and this was the first time I got such a
    > problem. But if this is supposed to be common, then I know it wasn't
    > targetted especially at me.


    I've had one for over ten years and have never received such a warning.
    So maybe some somewhere doesn't like Richard. Or thinks Richard has
    something worth hacking for.

    > Perhaps it wasn't so smart for Apple to use an email address as username.


    Whenever (often) some outfit wants e-mail address to double as login, I
    always create a new one and never use it for anything else.

    Send one e-mail to a Windows user (or have someone else forward one of
    yours to a Windows user, and the viruses and spammers begin spreading
    that address everywhere.

    --
    Wes Groleau

    Heroes, Heritage, and History
    http://UniGen.us/webtrees
    Wes Groleau, Feb 26, 2012
    #9
  10. JF Mezei

    Alan Browne Guest

    On 2012-02-26 13:49 , Wes Groleau wrote:

    > Whenever (often) some outfit wants e-mail address to double as login, I
    > always create a new one and never use it for anything else.
    >
    > Send one e-mail to a Windows user (or have someone else forward one of
    > yours to a Windows user, and the viruses and spammers begin spreading
    > that address everywhere.


    I use one particular e-mail address for login signups. (with a few
    exceptions).

    Appropriately it is

    I log in there only to finish a new account sign up. I ignore whatever
    else is there.

    --
    "I was gratified to be able to answer promptly, and I did.
    I said I didn't know."
    -Samuel Clemens.
    Alan Browne, Feb 26, 2012
    #10
  11. JF Mezei

    JF Mezei Guest

    Paul Sture wrote:

    > There are plenty of systems out there which use the email address as the
    > username. Perhaps Apple is doing you a favour by reporting failed login
    > attempts where the other services don't?


    If Apple allowed me to restore service to the account without changing
    password, it would be much better. But they force you to change your
    password which fucks up all your devices that had that password in their
    keychains.

    Or Apple could do like with VMS: just disable the acocunt for a random
    amount of time and reinstate service automatically. (with notification
    via email of the event).
    JF Mezei, Feb 26, 2012
    #11
  12. JF Mezei

    Kurt Ullman Guest

    In article <4f4a8c45$0$4782$c3e8da3$>,
    JF Mezei <> wrote:

    > If Apple allowed me to restore service to the account without changing
    > password, it would be much better. But they force you to change your
    > password which fucks up all your devices that had that password in their
    > keychains.


    Never had this problem with Apple, but for most of the other uses, I
    change the password, log off, log back in and change it back to what is
    was. Longest I had to use the new password (for a bank) was
    overnight.

    --
    People thought cybersex was a safe alternative,
    until patients started presenting with sexually
    acquired carpal tunnel syndrome.-Howard Berkowitz
    Kurt Ullman, Feb 26, 2012
    #12
  13. JF Mezei

    JF Mezei Guest

    Kurt Ullman wrote:

    > Never had this problem with Apple, but for most of the other uses, I
    > change the password, log off, log back in and change it back to what is
    > was. Longest I had to use the new password (for a bank) was
    > overnight.


    Apple won't let you re-use your old passowrd for 1 year, and has now
    tightened requirements with at least 1 upper case letter and at least 1
    numeric characters and min 8 total so I couldn't re-use my old password
    even if there wasn't a 1 year history.

    Such passwords are a pain to type into an iphone because of uppercase
    and numeric characters.
    JF Mezei, Feb 26, 2012
    #13
  14. JF Mezei

    Alan Browne Guest

    On 2012-02-26 15:44 , JF Mezei wrote:
    > Kurt Ullman wrote:
    >
    >> Never had this problem with Apple, but for most of the other uses, I
    >> change the password, log off, log back in and change it back to what is
    >> was. Longest I had to use the new password (for a bank) was
    >> overnight.

    >
    > Apple won't let you re-use your old passowrd for 1 year, and has now
    > tightened requirements with at least 1 upper case letter and at least 1
    > numeric characters and min 8 total so I couldn't re-use my old password
    > even if there wasn't a 1 year history.
    >
    > Such passwords are a pain to type into an iphone because of uppercase
    > and numeric characters.


    I noticed that new cap requirement. PITA when mobile.

    --
    "I was gratified to be able to answer promptly, and I did.
    I said I didn't know."
    -Samuel Clemens.
    Alan Browne, Feb 26, 2012
    #14
  15. In article <4f4a99b0$0$32160$c3e8da3$>,
    JF Mezei <> wrote:

    > Such passwords are a pain to type into an iphone because of uppercase
    > and numeric characters.


    Hmmm, my password contains numbers and lower-case characters, no upper-case
    characters. But the numbers are all together, and the letters are all
    together, so it's not a pain, even though it is a bit more involved.

    But an uppercase character definitely should not be a pain; one press on
    the shift key and that's it.

    --
    Tea Party Patriots is to Patriotism as
    People's Democratic Republic is to Democracy.
    Michelle Steiner, Feb 26, 2012
    #15
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    18
    Views:
    499
    JEDIDIAH
    Aug 9, 2005
  2. Markus Dehmann
    Replies:
    43
    Views:
    785
  3. Jacobs
    Replies:
    0
    Views:
    689
    Jacobs
    Jul 16, 2010
  4. JF Mezei
    Replies:
    23
    Views:
    869
    Justin
    May 2, 2011
  5. Michelle Steiner

    Has your credit card number been compromised?

    Michelle Steiner, Apr 11, 2012, in forum: Apple
    Replies:
    115
    Views:
    1,218
    Matthew Russotto
    May 8, 2012
Loading...

Share This Page