Possible iCloud security loophole!

scouser75

macrumors 68000
Original poster
Oct 7, 2008
1,627
230
Hi guys, I've noticed a possible security loophole in the way Apple notifies us when our iCloud account has been hacked or amended.

Tonight I changed my password for my iCloud. Even though I've setup a non Apple email address to notify me if such activity happens I was only notified on my iCloud email address. BUT NOT on my non Apple email address. So if I had been hacked I would not know anything if the hacker immediately deleted the email received on my hacked Apple email!! The hacker can then change my password in which case I am stuck and in trouble!

Is there a way I can be more secure where an email is received to my non Apple email address?

I have now setup 2 step verification. But want to be notified on my secondary email address of any suspicious activity.
 

scouser75

macrumors 68000
Original poster
Oct 7, 2008
1,627
230
Thanks guys. Could it be the fact that I use my .me email address to log in to iCloud?

Also can someone please give me a guide to setting up my secondary email address in case I've set it up incorrectl.
 

Gav2k

macrumors G3
Jul 24, 2009
9,217
1,606
Thanks guys. Could it be the fact that I use my .me email address to log in to iCloud?

Also can someone please give me a guide to setting up my secondary email address in case I've set it up incorrectl.
Go to Appleid.com once logged In tap the account button and where it says contactable at select add more. One it loads add additional email addresses. Each address you add will get a security alert if there is an issue
 
  • Like
Reactions: scouser75

scouser75

macrumors 68000
Original poster
Oct 7, 2008
1,627
230
I just went and checked my account and I actually DO have a recovery email address setup. It's a Gmail account but I get no emails sent to this gMail account when I change passwords etc. I'm going to contact Apple later today. Somethung somewhere ain't right!
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
48,915
17,557
I just went and checked my account and I actually DO have a recovery email address setup. It's a Gmail account but I get no emails sent to this gMail account when I change passwords etc. I'm going to contact Apple later today. Somethung somewhere ain't right!
Well, a recovery email address isn't one that would get notifications, it's there just for recovery purposes basically.
 

scouser75

macrumors 68000
Original poster
Oct 7, 2008
1,627
230
Go to Appleid.com once logged In tap the account button and where it says contactable at select add more. One it loads add additional email addresses. Each address you add will get a security alert if there is an issue
I already have that setup but still no emails go to the account.

I spoke to Apple just now and they said that if your account is hacked, or accessed from an unknown device, Apple WILL ONLY send an email to your Apple ID email address and NO OTHER email addresses.

I explained that if an account is hacked, the first thing the hacker would do is DELETE the notification email that account has been accessed and the customer would be none the wiser. She said that was Apple's way of doing things!!!

Very very very odd!
 

scouser75

macrumors 68000
Original poster
Oct 7, 2008
1,627
230
On 2 factor authentication, if I set-up my mobile phone number, when logging on to another device should I receive an SMS? Reason I ask is I've set up my mobile number and when I tried to log in I didn't receive an SMS. I had to go into my iCloud account on my iPhone and then request a authorisations code directly on the phone and NOT via SMS.

AN hour in and still no SMS has arrived. And the mobile phone number has been verified.
 

scouser75

macrumors 68000
Original poster
Oct 7, 2008
1,627
230
Guys I'm having some problems with 2 factor authentication on my Mac Pro. Every single time I log in to the Mac it's asking me for my authentication code. I've entered it correctly several times but after every shut/log off and start up it asks.

The same thing if I log into icloud from a Web browser from that machine. It asks for a code every time.

What have I done wrong?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.