Apple ID Hacked

Discussion in 'Mac Basics and Help' started by Ezio Auditore, Jan 20, 2014.

  1. Ezio Auditore macrumors newbie

    Ezio Auditore

    Joined:
    Jan 20, 2014
    #1
    Hello,

    My Apple ID got hacked today.
    I directly called apple to block everything, so now I have changed the email address and password and also the security questions.

    But I don't understand how they could possibly do this?

    They changed the email address and password into a yahoo.com email address. I got a mail with the yahoo.com address in it and when I told the apple support guy the address he got my security questions witch ware not changed.

    Now I am a little bit scared that they hacked my iMac to get the security questions?
    I don't know how else they could hack in my account. I never gave my password to anyone, not even to my own family.

    Does anyone know more about this???
    Or is the same thing maybe happend to anyone here?
     
  2. Tumbleweed666 macrumors 68000

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #2
    Is your original email Yahoo? Yahoo is notorious for having a bunch of issues with hacks into email, quite a few of my friends with yahoo had their email hacked. I wonder if they could somehow have got in that way?
    IF they knew it was a yahoo email they could then have done a password reset against the iCloud account maybe?
     
  3. Ezio Auditore thread starter macrumors newbie

    Ezio Auditore

    Joined:
    Jan 20, 2014
    #3
    Hello Tumbleweed666,

    No, I don't have a yahoo email address. The email address my Apple ID was changed in, was a strange yahoo email address.
    I used a email account from my internet provider.

    So maybe they hacked my email account, I don't know (changed that password today as well).
    But then they still don't have my password, or is it that simple to hack in a Apple account???
     
  4. McGiord macrumors 601

    McGiord

    Joined:
    Oct 5, 2003
    Location:
    Dark Castle
    #5
    Ezio, if this is your real name, you might be simply revealing too much about you over the web.
    Use an alias for sites liked this.
     
  5. Ezio Auditore thread starter macrumors newbie

    Ezio Auditore

    Joined:
    Jan 20, 2014
    #6
    Hello Consultant,

    Nope. Definitely not.
    Some time ago I did get a message which said click here because otherwise your Apple ID will expire.
    I of course just deleted the mail.
    I am not that old or stupid enough to fall for the phishing mails.
     
  6. Shrink macrumors G3

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #7
    Watch it now...you're equating old with gullible or stupid.

    We old, gullible, not-so-bright folks are very sensitive about that stuff!:mad:

    :p ;) :D
     
  7. Ezio Auditore thread starter macrumors newbie

    Ezio Auditore

    Joined:
    Jan 20, 2014
    #8
    Oh really??? :D
    Yes I am an assassin from the year 1459. And now I am trying to figure out how to work with a Mac. ;)

    ----------

    Sorry, but I said stupid "ENOUGH".
    Still pretty stupid do... ;)
     
  8. Ezio Auditore thread starter macrumors newbie

    Ezio Auditore

    Joined:
    Jan 20, 2014
    #9
    Does anyone know how many attempts they can do to log in an account??

    I read on a Dutch forum that in Itunes you can do unlimited attempts to log in?
    If this is true, than they could have done a brute force attack with some kind of program to unveil my password???
     
  9. Tumbleweed666 macrumors 68000

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #10
    Did you have a simple password? Because even if attempts are limited on a single account, they might do what I'll call a "reverse brute force" eg rather than attack one account a million times, you attack a million accounts one time using the same password.
    Picking a common one, say 'password' or '123456' or perhaps both.

    All you'd need is a list of valid emails to start with.
    Lets say you have 1 million email addresses
    if only 1% of those are associated with iTunes
    and only 1% of those have 'password' or '123456' as the password,
    that would get you 100 iTunes accounts !
     
  10. aristobrat macrumors G5

    Joined:
    Oct 14, 2005
    #11
    IMO, you should consider enabling two-factor authentication on any of your important accounts.

    Instead of authenticating you just based only on "something you know" (like a password, or the answers to security questions), it also factors in "something you have", like sending a verification code to a device you own, and then having you type that code into the browser, before you can continue. IMO, Apple does a good job of explaining how they implement it in the link below.

    http://support.apple.com/kb/HT5570?viewlocale=en_US&locale=en_US
     
  11. Ezio Auditore thread starter macrumors newbie

    Ezio Auditore

    Joined:
    Jan 20, 2014
    #12
    @Tumbleweed666
    My password was not that simple, but it was also not a very complex one, more like something in between. So i doubt they use your theory, but who knows...
    I am starting to think it is someone who knows me and has some kind off grudge to me.

    @aristobrat
    That is a nice security, unfortunately it is not yet available in my country.
    There are really just a few countries where it is available at the moment, but when it comes to the Netherlands I will definitely use it.
    Thank you for pointing it out.
     
  12. snberk103 macrumors 603

    Joined:
    Oct 22, 2007
    Location:
    An Island in the Salish Sea
    #13
    It depends on how you answered your security questions. It is very easy, in some cases, to use information you have openly provided on - for example - FaceBook to answer the 'secret' security questions for a different application. A number of years ago when Palin was running for VP of the US, hackers used publicly available biographical information to break into her personal email account. So it is entirely possible that someone who knows you, and can answer the security questions, may have hacked your Apple ID. I would start looking at younger brothers to begin with .... ;)
     
  13. Tumbleweed666 macrumors 68000

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #14
    Thanks for the heads up I've just started that (you cant do it immediately, there is a 3 day wait after you start the process). Ive got this on my paypal account already, bit of a pain but worth it when you consider what youd feel like if your account got hacked.

    ----------

    This is a good point. My answers to those type of questions are treated as another password.eg where were you born? "asirfwnv" , first car? "dis466bddg" etc.

    Dang now I'll have to change those....
     
  14. Ezio Auditore thread starter macrumors newbie

    Ezio Auditore

    Joined:
    Jan 20, 2014
    #15
    The answers to my security questions where not so hard to come up with, if the hacker know me personally. At least 2 of the 3 questions.

    Then it is even more disturbing. If it is someone I know they better make sure I don't found out who it is. I am really going to kick the **** out of him if I knew who it was.

    I have no brother and the rest is not that good of a friend to do a prank like this.
     
  15. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #16
    I've been doing this for a long time. The answers need to be long enough that they can't be brute-forced.

    Sometimes they also need to be readable, because sometimes they have to be given to a person on the other end, who triggers a password reset.

    Another important tactic that hasn't been mentioned: never reuse a password. That is, every password on any meaningful account is unique to that account. No reuse. Ever. Unless you truly don't care about who uses the account.
     

Share This Page