Last edited:
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Responds to Hack Threats, Says There Were No iCloud or Apple ID Breaches
- Thread starter MacRumors
- Start date
- Sort by reaction score
thanks mate
[doublepost=1490271932][/doublepost]damn it says you have to have a passcode on your phone to use 2FA, i never use a passcode unless I'm traveling
BACK EVERYTHING VITAL UP WITH PEN AND PAPER, ONE DAY IT WILL NOT BE A HOAX
Well, they'd better have it under control. Pretty sure one of the dreams born in that Los Altos garage in the late 70s wasn't to enable Turkish gangsters to appropriate credit cards, tax returns and skin pics of 600 million customers.
And was anyone else thinking of Dr. Evil when they read the ransom demand was only $150,000? I mean yes, it's Bitcoin, but go big or go home right?
And was anyone else thinking of Dr. Evil when they read the ransom demand was only $150,000? I mean yes, it's Bitcoin, but go big or go home right?
I agree; I did it yesterday for my five devices, and it was pretty simple. So far I've only had to do it one time per device per account. It seems it was only using the 2FA to authorize the device, not the specific session. That's the right level of security for me.
Last edited by a moderator:
2fa is clutch on the net now.
That being said they might have logins to accounts where people use the same username and password all over the place. The same can be said for google or hotmail. Segment your passwords at the minimum. This slows down the burn if you get caught in one of these scrapes from an insecure web resources.
I segment banks. Email social. Purchases
That being said they might have logins to accounts where people use the same username and password all over the place. The same can be said for google or hotmail. Segment your passwords at the minimum. This slows down the burn if you get caught in one of these scrapes from an insecure web resources.
I segment banks. Email social. Purchases
As he said, you can use a password manager. But I don't-- I have a system that allows me to have a unique, memorable password for every site.
my passwords are huge and random.... 30+ characters generated by password tools, all different for every account. I don't know any of them personally. you can enable icloud keychain or use a well integrated app like 1password.
Well, I guess we find out around April 7th. I think the majority of internet users do recycle their passwords - so this is actually a bit of a PR danger for Apple (although not Apple's fault...its the bloody users).
Probably a good time to reach out to family members / friends and make sure their passwords for their Apple ID is not recycled from other websites at the minimum (gotta check the wife's). If they can be bothered have them make sure they give nonsense answers (unique to the Apple site) for the backup questions and write those down for future use. Two factor after that.
Probably a good time to reach out to family members / friends and make sure their passwords for their Apple ID is not recycled from other websites at the minimum (gotta check the wife's). If they can be bothered have them make sure they give nonsense answers (unique to the Apple site) for the backup questions and write those down for future use. Two factor after that.
And at its highest prices. Bitcoin is here to stayBitcoin is still alive?
They could have just ask for payment in form of ApplePay instead.
And when you are somewhere where you don't have your devices and you need to login to do something?
Another good password manager is KeePassX. It is available on Apple, Windows, Android, and Linux devices. Definitely use 2FA.
[doublepost=1490274267][/doublepost]
Unfortunately, that isn't exactly the case. It just means they can only access your iCloud account if they have access to one of your registered devices (to which the 6 digit confirmation code is delivered). If you lose a device you should immediately try to wipe it via "Where's My iPhone".
Last edited:
Apple definitely needs to fix the annoying "Sign in to your iCloud account" pop ups that seem to appear at random regardless of what you happen to be doing at the moment.
These end up numbing users vigilance and would make it easy for an app to exploit to collect passwords by presenting a fake dialog box.
These end up numbing users vigilance and would make it easy for an app to exploit to collect passwords by presenting a fake dialog box.
Guys I don't think it's /Apple's/ geolocation. They (just like anyone) locate the IP from which the request is coming, which itself is an imprecise science. It's not unusual for IP geolocation to be relatively inaccurate.
Apple's 2FA seems really temperamental, not sending codes -- or to devices that are offline. The maps feature is cool, but as others have noted often really inaccurate and only useful for its timing. And let's hope you don't have any old devices in your account because Apple will be certain to send your code to that device over and over and over. Makes it sort of hard to delete the device...
And it gets really fun when you have a device which suffers a catastrophic failure. Don't lose your recovery key, kids.
And while iCloud Keychain sync is in theory a good solution for password management, syncing is incredibly slow.
[doublepost=1490275741][/doublepost]
Next time it happens, test it yourself with other online IP mappers.
And it gets really fun when you have a device which suffers a catastrophic failure. Don't lose your recovery key, kids.
And while iCloud Keychain sync is in theory a good solution for password management, syncing is incredibly slow.
[doublepost=1490275741][/doublepost]
Respectfully disagree. It's their geolocation which isn't just relatively inaccurate. It's often wildly so.
Next time it happens, test it yourself with other online IP mappers.
None of them were a problem?! Then why did they offer free bumper cases? How about replacing bent phones? Have you ever tried to sign up to a website and gotten the messege "that user name has already been taken, please choose another"? It's impossible to create multiple iCloud accounts with the same email address. Go ahead, try it. The point is, Apple is known for never admitting fault. The first comment was sarcasm, I agree with it and found it to be funny.
I would assume that Apple is on the cutting edge with regards to intrusion detection. At the same time though, I would assume that any hacker worth anything can get in and get out without anyone knowing they were there. Yes, most of them are probably 'hacks' (forgive me) and will leave a trail of some kind. But how often do we hear about breaches where the company doesn't realize until some time much later that they were even hacked?
I agree that this is likely a case of re-use of id's and passwords. But I also don't necessarily feel 100% comfortable just because a company tells me they weren't hacked. I trust Apple security a bit more than most, but they surely aren't perfect.
I ran into the same situation and eventually turned it off because it was so much trouble. But will gladly try it again.
Apple is required by law to report security breaches. If they are lying there will be severe legal ramifications and fines, a lot more than the iTunes Gift cards demanded by the ‘hackers’.
It's odd that you go through the trouble of securing your ID, but don't have 2FA turned on.