Why would you sign on to random machines? And even if you do so - why wouldn't you logout when you are done?

Let's say I wanted to access iCloud Drive on one of our lab machines? I should NOT get a box that says "allow here is your code" on that machine. And I do.
 
Let's say I wanted to access iCloud Drive on one of our lab machines? I should NOT get a box that says "allow here is your code" on that machine. And I do.
I see. I don't think the system was designed with that kind of usage in mind. There really should be different trust tiers. But I guess that would get way too complicated for the average Joe. (It is already pretty messy to set up)
 
I see. I don't think the system was designed with that kind of usage in mind. There really should be different trust tiers. But I guess that would get way too complicated for the average Joe. (It is already pretty messy to set up)

Agreed. Perhaps it was a bug that was fixed, and maybe my iMac gets the code because it is already a known trusted device. I'll try today and see what happens on a machine I have never used before.
 
Not trying to be mean, but anyone who has an iPhone and puts your number into the number field in iMessage can figure out if you have an iPhone or not (iMessage turns blue rather than green).

Good point. But I never had such a call before. I am aware of scam calls that say a Mac or iOS device needs repair, or some other scams.

The automated call specifically mentioned my Apple account, so it got me alarmed.
Apple NEVER calls customers about their Apple ID account unless it has been pre-scheduled via the Apple website or Retail store. Anything else is a scam. Trust me.

Obviously I am aware of that. That wasn't the point.

I called Apple because someone has my information (my contact, the fact that I have an iPhone, and that I use an Apple account)

And they said there was a problem with my Apple account (coincidence as this news article came out)

And I never get these kinds of scam phone calls. I am very technologically knowledgeable and I NEVER use my real info when signing up on things
 
Sounds like bull **** to me.
$75k? For a flaw that big? You'd get more money from Apple for the bug bounty.
Turkish Crime Family?
Someone's been smoking their hookah a bit too much.



A single hacker or group of hackers who have identified themselves as the "Turkish Crime Family" allegedly have access to at least 300 million iCloud accounts, but they are willing to delete the alleged cache of data if Apple pays a ransom by early next month, according to a report from Motherboard.


The hackers have allegedly demanded $75,000 to be paid in cryptocurrencies Bitcoin or Ethereum, or $100,000 worth of iTunes gift cards, by April 7, or they will reset a number of the iCloud accounts and remotely wipe victims' Apple devices. The email accounts are said to include @icloud.com, @me.com, and @mac.com addresses.

The report said that the hackers "provided screenshots of alleged emails between the group and members of Apple's security team," while the hackers also shared an unlinked YouTube video that seemingly shows proof of them accessing "an elderly woman's iCloud account" and "the ability to remotely wipe the device."

If the screenshotted email is accurate, which it very well might not be, a member of Apple's security team turned down the ransom, noting that Apple does "not reward cyber criminals for breaking the law." Apple did apparently request to see a sample of the dataset, according to the report, but it is unclear if the hackers obliged.

"I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing," one of the hackers said.

The report should be treated with a healthy dose of skepticism, as these allegations could be untrue, and Apple has yet to confirm or comment on the matter.

Update: The group claims additional hackers have stepped forward and shared additional account credentials, putting the number of accessible iCloud accounts at over 627 million, according to security-centric website CSO Online.

Article Link: Hackers Claim Access to 300 Million iCloud Accounts, Say Apple Refused to Pay $75,000 Ransom
 
re: the amount. It could be a threshold they came up with that minimizes any sentencing they might get if convicted.
But I have no idea if that even matters.
 
Well, that's weird! A couple of devices signed into my account, like my girlfriend's phone (so we can share some paid apps) don't show up on the icloud.com list, but DO on appleid.apple.com. I guess the latter is the better place to look.

Screenshot?
 
Good point. But I never had such a call before. I am aware of scam calls that say a Mac or iOS device needs repair, or some other scams.

The automated call specifically mentioned my Apple account, so it got me alarmed.

Obviously I am aware of that. That wasn't the point.

I called Apple because someone has my information (my contact, the fact that I have an iPhone, and that I use an Apple account)

And they said there was a problem with my Apple account (coincidence as this news article came out)

And I never get these kinds of scam phone calls. I am very technologically knowledgeable and I NEVER use my real info when signing up on things

Just curious, how do you *know* these things? I may have missed it, but I didn't see where you said they identified you with any personal information. It sounds like a call to a random number saying your account had been compromised. They don't need to know if you have an iPhone or if you have an Apple account. If you have an iPhone and an account, you get worried. If you don't, you dismiss the call as a stupid phishing scheme.

[EDIT] I get dumb phishing calls all the time and I'm certain I haven't given out my number. I'm sure there's some underground list of valid phone numbers out there. I just ignore them.
 
This better not be true because I refuse to turn on two factor authentication. I'm a young, tech savvy individual, but the two times that I have attempted to turn it on have not gone well. On my iPhone, it always says follow up required and that I need to enter my trusted verification code on another Apple device, which I have done countless times and then it says completed, but the message will never go away on my phone and it notifies me like every 5 minutes.
I've restarted, updated, the like, but to no avail. I just turned it off for fear that I will lose iCloud access in an emergency. Does anyone else have issues with it?
If it keeps asking for the follow up then you need to log out of iCloud on your phone, then log back in. This just happened to me when trying to switch from 2 step to 2 form. I kept getting that message when trying to turn on the feature to allow the Apple Watch to unlock my Mac. The only way I could fix it was to log out of iCloud on my iPhone, then log back into iCloud on my iPhone... then I had to unpair the Apple Watch and pair it again. It all works now.
 
I called Apple because someone has my information (my contact, the fact that I have an iPhone, and that I use an Apple account)

And they said there was a problem with my Apple account (coincidence as this news article came out)

I call random numbers, and then I say "there's a problem with your Apple account and your iPhone". The reply is either "you stupid scammer, I have a Samsung phone" (in that case you'll get a call next week about your Google Store account and your Samsung phone, but I'll hang up for now), or "Oh my god, are there hackers that broke into my iPhone?"
 
As someone else mentioned, last week I received an email from Apple stating that my iCloud account had been accessed by someone in Russia.

Without actually clicking on anything, I looked at the URL that was used to "update password". Looked official. No weird spacing, extra characters or spelling.

However, not wanting to take ANY chances, I logged into my account, changed my password then used the "sign out of all browsers" option on iCloud.
 
This better not be true because I refuse to turn on two factor authentication. I'm a young, tech savvy individual, but the two times that I have attempted to turn it on have not gone well. On my iPhone, it always says follow up required and that I need to enter my trusted verification code on another Apple device, which I have done countless times and then it says completed, but the message will never go away on my phone and it notifies me like every 5 minutes.
I've restarted, updated, the like, but to no avail. I just turned it off for fear that I will lose iCloud access in an emergency. Does anyone else have issues with it?


You're not tech savvy if you have trouble with 2FA
 
Wouldn't it be easier to provide the activated iTunes gift cards and then wipe them?
Probably, but what's to prevent the crooks just deleting the accounts then? How can Apple ever know they've not made copies? There's no way to prove they've deleted what they stole. Even if they paid cash, how do they know they won't go ahead and delete them anyway? If Apple really thinks the crooks have the real thing, Apple's only play is really to invalidate all access (or at least refuse all requests to delete account info), and go thru some tedious re-registration process. I don't see how paying crooks anything would ever work. Even if the FBI had the crooks behind bars, how do they know they've not already been stashed somewhere on the dark net or in a farmhouse in the middle of nowhere? If the breach is real, Apple has a very expensive internal problem to fix as well as a customer relations nightmare. The damage would already be done and way more expensive to correct than what these guys are supposedly asking. It's easy to believe somebody can pillage individual accounts, but surely they'd have very strong 2FA and more for anyone to be able to access the data for 300 million people. You'd think they'd have access patterns nailed down for access requests and have a system in place that would track external access requests and only allow a very few internal systems to access the core data outside that pattern without security's support phones going off immediately and requiring some kind of joint authorization to restore "normal" remote access.
 
As someone else mentioned, last week I received an email from Apple stating that my iCloud account had been accessed by someone in Russia.

Without actually clicking on anything, I looked at the URL that was used to "update password". Looked official. No weird spacing, extra characters or spelling.

However, not wanting to take ANY chances, I logged into my account, changed my password then used the "sign out of all browsers" option on iCloud.

Was it actually an email from Apple?

I've seen some really incredible fakes recently from all sorts of companies.
 
...or $150,000 in McDonald's gift certificates.
Might be a good time to:

1) Make sure you have your own independent backup of all your data in iCloud. You should do this regardless of hacker threats.
2) Change your Apple ID password.
3) Check your signed-in devices list for any devices you don't recognize, and remove them.
4) For the love of whatever deity you believe in, enable two-factor authentication. C'mon, people. :)
Brilliant. Awesome you posted this. Thank you.
Those iTunes cards get resold (at a loss; note they want more $ in gift cards than in cash), so it's the same thing. They're just greedy criminal scum.
I CANNOT imagine that Apple doesn't have the ability to issue iTunes cards to these Turkish hill people and then zero-out the value of those cards based on the unique codes in the batch of cards they give them.
 
I received this just yesterday:

Your АppIe ID was logged into from a new browser.

lР address: 90.79.86.181 ( Paris, FRANCE )
Вrowser: Chrome on Windows 10.1

For your pro.tection, your АppIe ID is auto.matically lock.ed.

If you have not si.gned in to АppIe ID recently and believe some.one may have acc.essed your acc.ount, go to ( https://apρIeid.αррIe.com/Verify ) and ver.ify your acc.ount.

Sincerely,

АppIe Sup.port
It's a good thing the people who run phishing scams have no idea how to write. Anyone who is literate would look at that message and realize immediately that it's not coming from a large corporation that can afford copywriters...
As someone else mentioned, last week I received an email from Apple stating that my iCloud account had been accessed by someone in Russia.

Without actually clicking on anything, I looked at the URL that was used to "update password". Looked official. No weird spacing, extra characters or spelling.

However, not wanting to take ANY chances, I logged into my account, changed my password then used the "sign out of all browsers" option on iCloud.
No way that was real.

A real e-mail from Apple would not include a link to reset your password. It would just advise you to reset it, if the login looks suspicious to you.
 
I get that, but let's say they sell them on Raise.com, they lose a ton of money (probably would get less than the cash demand) cause no one pays full price for gift cards and then there are fees, Apple kills the cards, people that bought them on raise are pissed cause they can't use them, file a case, find that they were fraudulent cards, reverse the purchase of the gift cards, hackers are left with nothing.

F'ng amateurs, dude.

Seriously, they sound like 8 year olds, dude.
Yeah but presumably they would still have the 627 million accounts. And Apple could try to force resets, but not everyone would reset their passwords in the meantime.
 