Possible iCloud security loophole!

Discussion in 'Apple Music, Apple Pay, iCloud, Apple Services' started by scouser75, May 18, 2017.

  1. scouser75 macrumors 65816

    Oct 7, 2008
    Hi guys, I've noticed a possible security loophole in the way Apple notifies us when our iCloud account has been hacked or amended.

    Tonight I changed my password for my iCloud. Even though I've setup a non Apple email address to notify me if such activity happens I was only notified on my iCloud email address. BUT NOT on my non Apple email address. So if I had been hacked I would not know anything if the hacker immediately deleted the email received on my hacked Apple email!! The hacker can then change my password in which case I am stuck and in trouble!

    Is there a way I can be more secure where an email is received to my non Apple email address?

    I have now setup 2 step verification. But want to be notified on my secondary email address of any suspicious activity.
  2. BasicGreatGuy Contributor


    Sep 21, 2012
    In the middle of several books.
    Any time I have made changes to my iCloud account, I get notified on the iCloud account email, as well as the non-apple email address.

    It is possible, that there was a glitch or some other problem with your secondary account email.
  3. Shirasaki macrumors G3


    May 16, 2015
    My secondary address works perfectly fine for me. And I do not have 2 step verification or 2FA.
  4. flyinmac macrumors 68040


    Sep 2, 2006
    United States
    Has always worked for me. But I don't have an iCloud email address. I only use my gmail email with iCloud to log in and authenticate.
  5. scouser75 thread starter macrumors 65816

    Oct 7, 2008
    Thanks guys. Could it be the fact that I use my .me email address to log in to iCloud?

    Also can someone please give me a guide to setting up my secondary email address in case I've set it up incorrectl.
  6. Gav2k macrumors G3


    Jul 24, 2009
    Go to Appleid.com once logged In tap the account button and where it says contactable at select add more. One it loads add additional email addresses. Each address you add will get a security alert if there is an issue
  7. scouser75 thread starter macrumors 65816

    Oct 7, 2008
    I just went and checked my account and I actually DO have a recovery email address setup. It's a Gmail account but I get no emails sent to this gMail account when I change passwords etc. I'm going to contact Apple later today. Somethung somewhere ain't right!
  8. C DM macrumors Sandy Bridge

    Oct 17, 2011
    Well, a recovery email address isn't one that would get notifications, it's there just for recovery purposes basically.
  9. scouser75 thread starter macrumors 65816

    Oct 7, 2008
    I already have that setup but still no emails go to the account.

    I spoke to Apple just now and they said that if your account is hacked, or accessed from an unknown device, Apple WILL ONLY send an email to your Apple ID email address and NO OTHER email addresses.

    I explained that if an account is hacked, the first thing the hacker would do is DELETE the notification email that account has been accessed and the customer would be none the wiser. She said that was Apple's way of doing things!!!

    Very very very odd!
  10. Primejimbo macrumors 68040

    Aug 10, 2008
    I think if you delete an email, you have put another one in. And you get an email to both the new and old email.

    Set up 2 factor authentication and be done with it.
  11. scouser75 thread starter macrumors 65816

    Oct 7, 2008
    I don't understand. Please explain.
  12. scouser75 thread starter macrumors 65816

    Oct 7, 2008
    On 2 factor authentication, if I set-up my mobile phone number, when logging on to another device should I receive an SMS? Reason I ask is I've set up my mobile number and when I tried to log in I didn't receive an SMS. I had to go into my iCloud account on my iPhone and then request a authorisations code directly on the phone and NOT via SMS.

    AN hour in and still no SMS has arrived. And the mobile phone number has been verified.
  13. scouser75 thread starter macrumors 65816

    Oct 7, 2008
    Guys I'm having some problems with 2 factor authentication on my Mac Pro. Every single time I log in to the Mac it's asking me for my authentication code. I've entered it correctly several times but after every shut/log off and start up it asks.

    The same thing if I log into icloud from a Web browser from that machine. It asks for a code every time.

    What have I done wrong?

Share This Page

12 May 18, 2017