Possible iCloud security loophole!

Discussion in 'Apple Music, Apple Pay, iCloud, Apple Services' started by scouser75, May 18, 2017.

  1. scouser75 macrumors 6502a

    Joined:
    Oct 7, 2008
    #1
    Hi guys, I've noticed a possible security loophole in the way Apple notifies us when our iCloud account has been hacked or amended.

    Tonight I changed my password for my iCloud. Even though I've setup a non Apple email address to notify me if such activity happens I was only notified on my iCloud email address. BUT NOT on my non Apple email address. So if I had been hacked I would not know anything if the hacker immediately deleted the email received on my hacked Apple email!! The hacker can then change my password in which case I am stuck and in trouble!

    Is there a way I can be more secure where an email is received to my non Apple email address?

    I have now setup 2 step verification. But want to be notified on my secondary email address of any suspicious activity.
     
  2. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #2
    Any time I have made changes to my iCloud account, I get notified on the iCloud account email, as well as the non-apple email address.

    It is possible, that there was a glitch or some other problem with your secondary account email.
     
  3. Shirasaki macrumors 603

    Shirasaki

    Joined:
    May 16, 2015
    #3
    My secondary address works perfectly fine for me. And I do not have 2 step verification or 2FA.
     
  4. flyinmac macrumors 68030

    flyinmac

    Joined:
    Sep 2, 2006
    Location:
    United States
    #4
    Has always worked for me. But I don't have an iCloud email address. I only use my gmail email with iCloud to log in and authenticate.
     
  5. scouser75 thread starter macrumors 6502a

    Joined:
    Oct 7, 2008
    #5
    Thanks guys. Could it be the fact that I use my .me email address to log in to iCloud?

    Also can someone please give me a guide to setting up my secondary email address in case I've set it up incorrectl.
     
  6. Gav2k macrumors G3

    Gav2k

    Joined:
    Jul 24, 2009
    #6
    Go to Appleid.com once logged In tap the account button and where it says contactable at select add more. One it loads add additional email addresses. Each address you add will get a security alert if there is an issue
     
  7. scouser75 thread starter macrumors 6502a

    Joined:
    Oct 7, 2008
    #7
    I just went and checked my account and I actually DO have a recovery email address setup. It's a Gmail account but I get no emails sent to this gMail account when I change passwords etc. I'm going to contact Apple later today. Somethung somewhere ain't right!
     
  8. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #8
    Well, a recovery email address isn't one that would get notifications, it's there just for recovery purposes basically.
     
  9. scouser75 thread starter macrumors 6502a

    Joined:
    Oct 7, 2008
    #9
    I already have that setup but still no emails go to the account.

    I spoke to Apple just now and they said that if your account is hacked, or accessed from an unknown device, Apple WILL ONLY send an email to your Apple ID email address and NO OTHER email addresses.

    I explained that if an account is hacked, the first thing the hacker would do is DELETE the notification email that account has been accessed and the customer would be none the wiser. She said that was Apple's way of doing things!!!

    Very very very odd!
     
  10. Primejimbo macrumors 68040

    Joined:
    Aug 10, 2008
    Location:
    Around
    #10
    I think if you delete an email, you have put another one in. And you get an email to both the new and old email.

    Set up 2 factor authentication and be done with it.
    https://support.apple.com/en-us/HT204915
     
  11. scouser75 thread starter macrumors 6502a

    Joined:
    Oct 7, 2008
    #11
    I don't understand. Please explain.
     
  12. scouser75 thread starter macrumors 6502a

    Joined:
    Oct 7, 2008
    #12
    On 2 factor authentication, if I set-up my mobile phone number, when logging on to another device should I receive an SMS? Reason I ask is I've set up my mobile number and when I tried to log in I didn't receive an SMS. I had to go into my iCloud account on my iPhone and then request a authorisations code directly on the phone and NOT via SMS.

    AN hour in and still no SMS has arrived. And the mobile phone number has been verified.
     
  13. scouser75 thread starter macrumors 6502a

    Joined:
    Oct 7, 2008
    #13
    Guys I'm having some problems with 2 factor authentication on my Mac Pro. Every single time I log in to the Mac it's asking me for my authentication code. I've entered it correctly several times but after every shut/log off and start up it asks.

    The same thing if I log into icloud from a Web browser from that machine. It asks for a code every time.

    What have I done wrong?
     

Share This Page