Spark Says 'No Breach or Data Leak' After Users Get Locked Out of Apple IDs

[dogslobber]

This isn't/wasn't a hack. Did you bother reading the article at all?

Who says it wasn't?

 

[willmtaylor]

Who says it wasn't?

Show the evidence that it was. Burden of proof is on the accuser.

 

[dogslobber]

Shown,S evidence that it was. Burden of proof is on the accuser.

No, not really. All I hear is a company that stores email login credentials that suddenly cause people to be locked out of those email accounts claiming it wasn't a hack. Of course I believe them!

 

[C DM]

No, not really. All I hear is a company that stores email login credentials that suddenly cause people to be locked out of those email accounts claiming it wasn't a hack. Of course I believe them!

Because just as easily, or more likely even much easier, it couldn't be a glitch with something somewhere?

 

[dogslobber]

Because just as easily, or more likely even much easier, it couldn't be a glitch with something somewhere?

It could be a lot of things but I have no reason to trust this vendor so I'll assume the worst. You're welcome to see this incident how you want to and that includes taking their P.R. Statement at face value.

 

[drumcat]

I think what might be better said is that it wasn't a "hack"/crack, nor data theft, but it was a real proof of concept with actual end user damage. Fortunately we have no reason to think it wasn't what they say it was because Apple would have needed to disclose if there was a data breach.

We do need to be careful to not mislabel it, but there was a real effect, and it will at very least change my approach.

 

[haruhiko]

Given how important your Apple ID is and how much sensitive information is in the account, I don't think anyone should handover their Apple ID and PW to any party other than Apple, for whatever benefit or convenience. Just don't do this.

 

[Rigby]

Here's a new update from Readdle:

https://readdle.com/blog/2016/07/spark-and-locked-apple-ids/

They have now shut down the server-side features for iCloud email users in an attempt to avoid further account lock-outs.

 

[thebroz]

Given how important your Apple ID is and how much sensitive information is in the account, I don't think anyone should handover their Apple ID and PW to any party other than Apple, for whatever benefit or convenience. Just don't do this.

Spark uses an "app specific" password, not your Apple ID password. You have to log into your Apple account and generate the app specific password, and plug that into Spark. That's not as bad as handing over your real Apple ID password. It's bad enough, tho. I deleted the app. I was locked out of my account twice in the past week, and I'm not amused.

 

[willmtaylor]

Here's a new update from Readdle:

https://readdle.com/blog/2016/07/spark-and-locked-apple-ids/

They have now shut down the server-side features for iCloud email users in an attempt to avoid further account lock-outs.

What a great PR response. Clear, detailed, honest, and to the point. I appreciate that.

 

[Max Portakabin]

What a great PR response. Clear, detailed, honest, and to the point. I appreciate that.

Great PR would include an apology. A clear and concise apology.

 

[drumcat]

"
Status as of right now:

1. It should be safe to connect your iCloud emails to Spark."

It should have been safe before... sorry. I had 4 lockouts. I'm not sitting on "should", because this means that they are currently yet to turn it back on. Guess what happens then? Oh, I dunno... potentially the same thing?

No no... I'm not an Alpha tester. You kids go have fun. I'll stick to the Apple Mail app, despite its flaws. I've already been burned too many times.

 

[Peepo]

There's an update for spark today but doesn't specifically address the lockout issue. It says performance and stability improvements. Therefore I am not going to waste my time testing at this point.