
Ezio Auditore

macrumors newbie
Original poster
Jan 20, 2014
28
0
Hello,

My Apple ID got hacked today.
I directly called Apple to block everything, so now I have changed the email address and password and also the security questions.

But I don't understand how they could possibly do this?

They changed the email address and password into a yahoo.com email address. I got a mail with the yahoo.com address in it and when I told the Apple support guy the address he got my security questions, which were not changed.

Now I am a little bit scared that they hacked my iMac to get the security questions?
I don't know how else they could hack in my account. I never gave my password to anyone, not even to my own family.

Does anyone know more about this???
Or has the same thing maybe happened to anyone here?
 

Tumbleweed666

macrumors 68000
Mar 20, 2009
1,761
141
Near London, UK.
Is your original email Yahoo? Yahoo is notorious for having a bunch of issues with hacks into email; quite a few of my friends with Yahoo had their email hacked. I wonder if they could somehow have got in that way?
If they knew it was a Yahoo email they could then have done a password reset against the iCloud account maybe?
 

Ezio Auditore

macrumors newbie
Original poster
Jan 20, 2014
28
0
Hello Tumbleweed666,

No, I don't have a yahoo email address. The email address my Apple ID was changed to was a strange yahoo email address.
I used an email account from my internet provider.

So maybe they hacked my email account, I don't know (changed that password today as well).
But then they still don't have my password, or is it that simple to hack into an Apple account???
 

McGiord

macrumors 601
Oct 5, 2003
4,558
290
Dark Castle
Ezio, if this is your real name, you might be simply revealing too much about you over the web.
Use an alias for sites like this.
 

Ezio Auditore

macrumors newbie
Original poster
Jan 20, 2014
28
0
Hello Consultant,

Nope. Definitely not.
Some time ago I did get a message which said click here because otherwise your Apple ID will expire.
I of course just deleted the mail.
I am not that old or stupid enough to fall for the phishing mails.
 

Shrink

macrumors G3
Feb 26, 2011
8,929
1,727
New England, USA
Hello Consultant,

Nope. Definitely not.
Some time ago I did get a message which said click here because otherwise your Apple ID will expire.
I of course just deleted the mail.
I am not that old or stupid enough to fall for the phishing mails.

Watch it now...you're equating old with gullible or stupid.

We old, gullible, not-so-bright folks are very sensitive about that stuff!:mad:

:p ;) :D
 

Ezio Auditore

macrumors newbie
Original poster
Jan 20, 2014
28
0
Ezio, if this is your real name, you might be simply revealing too much about you over the web.
Use an alias for sites like this.

Oh really??? :D
Yes I am an assassin from the year 1459. And now I am trying to figure out how to work with a Mac. ;)

----------

Watch it now...you're equating old with gullible or stupid.

We old, gullible, not-so-bright folks are very sensitive about that stuff!:mad:

:p ;) :D

Sorry, but I said stupid "ENOUGH".
Still pretty stupid though... ;)
 

Ezio Auditore

macrumors newbie
Original poster
Jan 20, 2014
28
0
Does anyone know how many attempts they can do to log in an account??

I read on a Dutch forum that in iTunes you can do unlimited attempts to log in?
If this is true, then they could have done a brute force attack with some kind of program to unveil my password???
 

Tumbleweed666

macrumors 68000
Mar 20, 2009
1,761
141
Near London, UK.
Did you have a simple password? Because even if attempts are limited on a single account, they might do what I'll call a "reverse brute force", e.g. rather than attack one account a million times, you attack a million accounts one time using the same password.
Picking a common one, say 'password' or '123456' or perhaps both.

All you'd need is a list of valid emails to start with.
Let's say you have 1 million email addresses
if only 1% of those are associated with iTunes
and only 1% of those have 'password' or '123456' as the password,
that would get you 100 iTunes accounts !
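
The "reverse brute force" described in the post above is what defenders call password spraying, and a per-account attempt limit does not see it. The following is an added example, not part of the original post: a detection sketch in Python over constructed login events, where the event format, IP addresses, account names and thresholds are all assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample events: (unix_time, source_ip, account, success).
# 203.0.113.9 tries one guess against each of six accounts ("reverse brute
# force"); 198.51.100.4 is a single user mistyping their own password.
EVENTS = [(1000 + 10 * i, "203.0.113.9", f"user{i}@example.com", i == 4)
          for i in range(6)]
EVENTS += [(2000 + 5 * i, "198.51.100.4", "alice@example.com", i == 3)
           for i in range(4)]

def locked_accounts(events, threshold=3):
    """Classic per-account control: lock after `threshold` failed logins."""
    fails = Counter(acct for _, _, acct, ok in events if not ok)
    return sorted(a for a, n in fails.items() if n >= threshold)

def spraying_sources(events, window_s=3600, min_accounts=5, max_per_account=2):
    """Flag sources that touch many accounts with few guesses per account."""
    by_src = defaultdict(list)
    for ts, src, acct, ok in sorted(events):
        by_src[src].append((ts, acct, ok))
    findings = {}
    for src, rows in by_src.items():
        start = 0
        for end in range(len(rows)):
            # Slide the window so it spans at most window_s seconds.
            while rows[end][0] - rows[start][0] > window_s:
                start += 1
            window = rows[start:end + 1]
            per_acct = Counter(acct for _, acct, _ in window)
            if len(per_acct) >= min_accounts and max(per_acct.values()) <= max_per_account:
                # Accounts where a sprayed guess worked need a forced reset.
                hit = sorted({a for _, a, ok in window if ok})
                findings[src] = {"accounts": len(per_acct), "compromised": hit}
    return findings
```

On the sample data the per-account lockout only fires for the user who mistyped their own password, while the per-source view flags the address that touched six accounts once each and names the account where the guess succeeded.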
 

aristobrat

macrumors G5
Oct 14, 2005
12,292
1,403
Does anyone know how many attempts they can do to log in an account??

I read on a Dutch forum that in iTunes you can do unlimited attempts to log in?
If this is true, then they could have done a brute force attack with some kind of program to unveil my password???
IMO, you should consider enabling two-factor authentication on any of your important accounts.

Instead of authenticating you just based only on "something you know" (like a password, or the answers to security questions), it also factors in "something you have", like sending a verification code to a device you own, and then having you type that code into the browser, before you can continue. IMO, Apple does a good job of explaining how they implement it in the link below.

http://support.apple.com/kb/HT5570?viewlocale=en_US&locale=en_US
 

Ezio Auditore

macrumors newbie
Original poster
Jan 20, 2014
28
0
@Tumbleweed666
My password was not that simple, but it was also not a very complex one, more like something in between. So I doubt they used your theory, but who knows...
I am starting to think it is someone who knows me and has some kind of grudge against me.

@aristobrat
That is a nice security, unfortunately it is not yet available in my country.
There are really just a few countries where it is available at the moment, but when it comes to the Netherlands I will definitely use it.
Thank you for pointing it out.
In which countries is two-step verification available?

Initially, two-step verification is being offered in the U.S., UK, Australia, Ireland, and New Zealand. Additional countries will be added over time. When your country is added, two-step verification will automatically appear in the Password and Security section of Manage My Apple ID when you sign in to My Apple ID.
 

snberk103

macrumors 603
Oct 22, 2007
5,503
91
An Island in the Salish Sea
@Tumbleweed666
...
I am starting to think it is someone who knows me and has some kind of grudge against me.
...

It depends on how you answered your security questions. It is very easy, in some cases, to use information you have openly provided on - for example - Facebook to answer the 'secret' security questions for a different application. A number of years ago when Palin was running for VP of the US, hackers used publicly available biographical information to break into her personal email account. So it is entirely possible that someone who knows you, and can answer the security questions, may have hacked your Apple ID. I would start looking at younger brothers to begin with .... ;)
 

Tumbleweed666

macrumors 68000
Mar 20, 2009
1,761
141
Near London, UK.
IMO, you should consider enabling two-factor authentication on any of your important accounts.

Instead of authenticating you just based only on "something you know" (like a password, or the answers to security questions), it also factors in "something you have", like sending a verification code to a device you own, and then having you type that code into the browser, before you can continue. IMO, Apple does a good job of explaining how they implement it in the link below.

http://support.apple.com/kb/HT5570?viewlocale=en_US&locale=en_US

Thanks for the heads up, I've just started that (you can't do it immediately, there is a 3 day wait after you start the process). I've got this on my PayPal account already, bit of a pain but worth it when you consider what you'd feel like if your account got hacked.

----------

It depends on how you answered your security questions. It is very easy, in some cases, to use information you have openly provided on - for example - Facebook to answer the 'secret' security questions for a different application. A number of years ago when Palin was running for VP of the US, hackers used publicly available biographical information to break into her personal email account. So it is entirely possible that someone who knows you, and can answer the security questions, may have hacked your Apple ID. I would start looking at younger brothers to begin with .... ;)

This is a good point. My answers to those types of questions are treated as another password, e.g. where were you born? "asirfwnv", first car? "dis466bddg" etc.

Dang now I'll have to change those....
 

Ezio Auditore

macrumors newbie
Original poster
Jan 20, 2014
28
0
The answers to my security questions were not so hard to come up with, if the hacker knows me personally. At least 2 of the 3 questions.

Then it is even more disturbing. If it is someone I know they better make sure I don't find out who it is. I am really going to kick the **** out of him if I knew who it was.

I have no brother and the rest is not that good of a friend to do a prank like this.
 

chown33

Moderator
Staff member
Aug 9, 2009
10,750
8,422
A sea of green
This is a good point. My answers to those types of questions are treated as another password, e.g. where were you born? "asirfwnv", first car? "dis466bddg" etc.

I've been doing this for a long time. The answers need to be long enough that they can't be brute-forced.

Sometimes they also need to be readable, because sometimes they have to be given to a person on the other end, who triggers a password reset.

Another important tactic that hasn't been mentioned: never reuse a password. That is, every password on any meaningful account is unique to that account. No reuse. Ever. Unless you truly don't care about who uses the account.
 