Apple ID Accounts Logging Out Users and Requiring Password Reset

[smoking monkey]

I doubt it's anything to do with old versus new @ suffixes.

My money is on brute force attacks... or an internal system stuff up of some kind.

If the former, it's possible affected users use their apple ID email for other apps and websites and one of those sites/apps has been hacked.

I changed over my apple ID email to a unique email that is only used for my Apple ID several years ago because of this very situation.

And if it's not the former and is the latter, then it's still a good idea to use a unique email address for your Apple ID.

 

[jonahlee]

Yea happened to me yesterday while watching a movie on Apple TV, kicked me out of iphone, ipad, watch and mac. I have a lMac account. And my password was less than a year old.

 

[ikramerica]

I doubt it's anything to do with old versus new @ suffixes.

My money is on brute force attacks... or an internal system stuff up of some kind.

If the former, it's possible affected users use their apple ID email for other apps and websites and one of those sites/apps has been hacked.

I changed over my apple ID email to a unique email that is only used for my Apple ID several years ago because of this very situation.

And if it's not the former and is the latter, then it's still a good idea to use a unique email address for your Apple ID.

I vote for brute force attack from compromised website where people use their appleid email as login.

 

[Takuro]

Outage is still ongoing 24 hours and Apple hasn't acknowledged it. Until the new password I set finally finishes syncing (if ever), I consider myself impacted. Still can't generate App Specific Passwords.

I have a feeling with how things go in the tech support world, they will silently fix it in the middle of the week when people are back in the office. Somewhere, someone out there knows this is happening and is trying to save their own ass but not self-reporting the actual impact to customers up the proper channels.

 

[Valmont11]

Same here. My wife correctly predicted: “Watch out for MacRumors articles coming soon about this!” LOL!

It’s understandable in some circumstances to have to go through a reset protocol. No issues with this, it’s better than the alternative.

But for f$&@‘s sake, can Apple fix the issues with the reset process:

• Apple Watch password input is not suitable for people with long complex passwords and the iPhone helper input does not support neither 1Password nor paste action
• HomePods are managed through the Home app, which stops loading due to HomePods acting as Home Hubs and not responding causing a catch 22, requiring a tedious loop of resets

So annoying..

 

[Prototypical]

Happened to me last night around this time, same situation as the others - watching a show on AppleTV when suddenly I got kicked out of everything and had to jump through hoops for more than an hour to reset everything. @me account, head of family.

It’s comforting (…?) to know it wasn’t just me, I suppose.

 

[aleni]

I thought I was hacked. Phewww. What a relief. My account is me.com. Wife and kids are icloud.com and weren't affected.

 

[canyonblue737]

Yup, happened for me. Pain in the rear. .me account that is decades old.

 

[paulbart]

Now I need to figure out:
1. Why did the Recovery Contact option fail?
2. Why isn't the place I have been every day for 2 months not familiar enough to skip the 1 hour device protection?

I had something similar happen yesterday, which may or may not be related. I was setting up a NEW Mac Mini, and when I tried to login to iCloud during the setup process, it told me that my account had been locked and required a password reset. I think it asked for my phone number to confirm (not 100% sure of that).

I got a message on my iPhone about Stolen Device Protection, and that the password reset couldn’t happen for one hour (and that it would notify me in an hour). I was at HOME (and had been all day), which is definitely in my frequent locations I had to wait an hour before I could continue.

After the hour passed, my iPhone prompted me for my iCloud password (I entered my existing password), and then told me I could proceed on my Mac. I never had to actually change my password.

I was really confused by what had happened, then I woke up to this story this morning. I feel it must be somehow related, even though my situation was slightly different.

Stolen Device Protection one-hour delay while sitting at home was annoying. Apple needs to fix that.

 

[Tagbert]

Classic. New tactics forcing people to upgrade. Make their accounts and devices obsolete.

“So you are unhappy with our product because we wanted to make your experience crap. How about buying more of our products that aren’t crap yet?”

Every time I hear people promoting that as a business strategy, I wonder about how they think that is supposed to work.

 

[justiny]

I'm not sure it's that simple.

If we assume a worst-case scenario, a breach that's not been fixed, then announcing it publicly could lead to more attacks or similar.

I'm not saying that's the case because it doesn't appear that any users are having their data leaked or accounts abused or anything similar.

It's worrying and annoying. But I haven't read of anyone facing more troubles than being locked out, or having to reset one or several many passwords.

And I would tend to agree with you, except for these points:

1. Our Apple ID's contain huge amounts of incredibly sensitive data. This is by design from Apple.

2. This is a global issue and has affected an unknown but seemingly large and growing number of users.

3. This has been widely reported and over 24 hours later, we still have no official statement directly from Apple about what this is/was.

This is very concerning and with each hour that passes with no official statement from Apple, the more worrying this becomes.

We are all paying, loyal customers and I feel like we deserve better than radio silence. We still don't know if this was an attack, some internal fault, or something else entirely.

The longer Apple doesn't confront this, the uncertainty and speculation will continue to grow. Again, I feel we deserve better than being kept in the dark.

 

[Jim Lahey]

When the issue is being reported by major outlets like Forbes, 9to5Mac, AppleInsider, The Verge, and Mashable for example, Apple owes us an explanation regardless of the number of users impacted.

Yes I think it's fairly self evident that this is a cut above the average service outage. For one thing it's a very obvious security concern for those impacted. A company of Apple's self-exalted privacy & security standing should be explaining what happened.

 

[MajorFusion]

I went up the chain of Apple support reps. 4 levels deep before they gave up late last night. Mine got stuck in a loop and I was unable to reset my password anywhere without it ending in a server error. Very interested in what Apple has to say about this one. It did make me realize how dependent I am on one account and that it's probably not as robust as it needs to be for that level of trust.

 

[ignatius345]

My Apple ID is one of the old MobileMe ("@me.com") addresses. Wondering if it is something to do with this as my partner and other family members had no issue, but had iCloud accounts created much later on.

Can anyone else confirm if their affected Apple ID is a @me.com address?

Same. Apple ID is a me.com address

 

[Amazing Iceman]

Happened to me too. No one else in my family. Maybe it has something to do with being the “main” account holder in family sharing?

Glad it was wide-spread, though. Concerned someone was trying to access my account!

Was your password too easy to guess?
I wonder if they reset passwords for people who had passwords with low security.

 

[ignatius345]

One thing that really concerned me: when I started getting iCloud password prompts, I was instructed on my iPhone to get a verification code from one of the Trusted Contacts I had set up.

Your password could not be reset
You must enter the code generated from your recovery contact's device to reset your password.

Called her and walked her through what the instructions said to do… and it failed on her end.

As it turned out, the issue was WAY easier to navigate on my Mac, which accepted my login password as verification and then walked me through changing my iCloud password. On the iPhone, the process was just a loop I couldn’t get out of.

 

[cj.jensen]

There are widespread reports of Apple users being locked out of their Apple ID overnight for no apparent reason, requiring a password reset before they can log in again.

Users say the sudden inexplicable Apple ID sign-out is occurring across multiple devices. When they attempt to sign in again they are locked out of their account and asked to reset their password in order to regain access.

This has led to additional Apple ID issues for users with Stolen Device Protection enabled who are away from a trusted location, as well as any app-specific passwords previously set up in iCloud also being reset.

As noted by 9to5Mac, user reports about the problem began appearing on social media at around 8 p.m. Eastern Time and became increasingly prevalent into the early hours of the morning.

​

MacRumors staff members have also been affected by the service outage, which does not appear to have been picked up by Apple's own System Status webpage.

We have contacted Apple for comment and will update readers if we hear back. Have you been affected by the Apple ID issue? Let us know in the comments.

Article Link: Apple ID Accounts Logging Out Users and Requiring Password Reset

Yes, happened to me. Really sucks! Have tried to reset password 5 times always get server error message. Called tech support the first person could not help. "Supervisor" could not help. Said I needed to wait an hour because account still locked after 20 hours. She promised me she would call back in an hour because she could not provide a direct dial number. Apple support lied. They never called. I'm still locked out and it has been more than 48 hours.

 

[dipan]

I went up the chain of Apple support reps. 4 levels deep before they gave up late last night. Mine got stuck in a loop and I was unable to reset my password anywhere without it ending in a server error. Very interested in what Apple has to say about this one. It did make me realize how dependent I am on one account and that it's probably not as robust as it needs to be for that level of trust.

I had the same thoughts though only went through 2 levels of support this afternoon. I suppose apple expects I’ll be okay without even email for a while

 

[dipan]

One thing that really concerned me: when I started getting iCloud password prompts, I was instructed on my iPhone to get a verification code from one of the Trusted Contacts I had set up.



Called her and walked her through what the instructions said to do… and it failed on her end.

As it turned out, the issue was WAY easier to navigate on my Mac, which accepted my login password as verification and then walked me through changing my iCloud password. On the iPhone, the process was just a loop I couldn’t get out of.

I tried on iPhone, Mac, and PC. All resulted in an error, undefined on Mac and PC, and”server error” on IPhone. Pretty disappointed but now I know I have to lessen my reliance on apple. I can’t even receive email or view it on the web. Pretty frustrating. And the fact they have not really acknowledged an issue makes it even more frustrating. I was just told to try again in 24 hours. Hopefully that means they are trying to sort it out!

 

[Squirrrrel]

I went up the chain of Apple support reps. 4 levels deep before they gave up late last night. Mine got stuck in a loop and I was unable to reset my password anywhere without it ending in a server error. Very interested in what Apple has to say about this one. It did make me realize how dependent I am on one account and that it's probably not as robust as it needs to be for that level of trust.

This kind of thing rarely ever happens and people make a way bigger deal out of it than it needs to be, especially here. People are extraordinarily overdramatic. This happens with all the big companies including Google, Microsoft, and whoever else. It's infuriating when it happens, but it's always temporary. Microsoft had a Windows update that wiped people's entire hard drives. Fantastic stuff. At least you can actually get hold of tech support with Apple ... and their tech support isn't outsourced to someone you can barely understand. Microsoft is always outsourced to India, and good luck getting any help from Google about anything. In a perfect world, everything would run exactly as it should 24/7/365, but technology is manmade and not infallible. One time my account had some SERIOUSLY horrible bugs, and I actually got transferred to the literal developers that are behind iCloud accounts and they went in and physically fixed my account. I never would have ever gotten that level of service from any other tech company on this planet. Apple tech support can be a hit or a miss, but when it hits, it's very impressive. I've had Apple fix out of warranty repairs on my Apple devices for free and they also paid shipping both ways. I feel you though about being dependent on one company for everything. When things go wrong, albeit rare, it can be a nightmare.

 

[davige]

Password reset errors and now Apple is telling me I can't change my PW or recover my account for 12 f*****g days. Absolutely stupid, horrid policy. WTF, Apple?!?!?!?!

 

[Daskarzine]

I got logged out of both my accounts, had to reset both and setup app specific passwords, huge PITA!

 

[Malarkey]

Happened to me. When this kind of thing happens, it's worrisome because they give no explanation and it has the feel of things falling apart and Apple losing control. I use the Microsoft Outlook application in MacOS for email (just a better interface, in my opinion—and attachments aren't part of the email content itself). So that's broke. Getting the 3rd party password for that seems like an addition unnecesary burden. I recall it being a convoluted process last time.

 

[JasCloud]

Yep, happened to me, asking for new password. First change in a few years.....

 

[dipan]

Password reset errors and now Apple is telling me I can't change my PW or recover my account for 12 f*****g days. Absolutely stupid, horrid policy.

They told you 12 days? That’s crazy! How can you possibly be without even email access for that long. I certainly hope this is acknowledged and sorted! Tried again just now still “server error”