9 Replies Latest reply: Dec 28, 2012 12:52 PM by kyte
wurzelgrumpf Level 1 Level 1 (5 points)

Hi,

 

yesterday, I've received spam mail from a Christine Meyer on Rasperry Ultradrops on my mac.com account on both the standard and one alias. What makes me nervous is the fact that this alias is not known to anybody because I've never used it so far. What is of even more concern is that my wife received the very same spam on her me.com email which she has NEVER used as an email address so far.

We all are on Macs that are protected by 3rd party firewall, IDS, AV etc. (Symantec on some machines and Intego on the others).

As I'm working in information security, rest assured that both I and my family are trained on security and also my perimeter is secure.

The only thing I can think of right now is that the email addresses leaked from Apple's systems which, of course, would make me more than nervous.

I will ask in my networks now who of my friends using iCloud email have received that spam, too.

If anybody of you has received the same (see below) spam mail, there might be a serious breach.

Thanks for comments.

 

  • 1. Re: How secure is iCloud mail?
    QuickTimeKirk Level 8 Level 8 (48,125 points)

    I got the same spam and just deleted it.

    Your email name (like mine) was "guessed" by the software used to generate the mass mailing.

  • 2. Re: How secure is iCloud mail?
    John Galt Level 8 Level 8 (36,415 points)

    Same here. Raspberry Ultradrops.

     

    All my iCloud emails received it. I think it's unlikely that all my addresses were guessed.

     

    Everything in the header is spoofed - to, from, reply... all meaningless:

     

    Screen Shot 2012-11-20 at 12.51.19 AM.png

     

    It's the only spam my iCloud email has received to date. Whatever... spam is just an unavoidable fact of life.

  • 3. Re: How secure is iCloud mail?
    Sybil Ann Chick Level 2 Level 2 (220 points)

    I've had some of those Raspberry Ultradrops emails too, but from different addresses and to aliases as well as my main .mac/.me address, and to my late sister's .mac/.me inbox (which I've had to keep open and migrate to iCloud as there are sometimes legitimate messages to a voluntary group she was involved in).

     

    I've also picked up a LOT of emails this last week or so saying I'm 'on the top' on Youtube, again to all the same addresses. These arel obviously spam as I haven't posted any videos on Youtube!

     

    Spammers could have got my addresses from Yahoo Groups but my sister was never subscribed to Yahoo so that makes me concerned that there could have been a compromise with Apple's iCloud security.

  • 4. Re: How secure is iCloud mail?
    John Galt Level 8 Level 8 (36,415 points)

    Spam #2:

     

    Screen Shot 2012-11-25 at 8.49.07 AM.png

     

     

    Whatever the reason, I have no doubt Apple will use this experience to improve their iCloud server - side spam protection. The disease must be observed before a cure can be found.

  • 5. Re: How secure is iCloud mail?
    kyte Level 1 Level 1 (5 points)

    I've had the DrOz ones as well, and was just deleting at first, but may as well send to spam@me.com

     

    I've never used my icloud or me.com addresses, not the ones that are getting the spam... so I'm calling security breach.. "undisclosed@icloud.com" does tend to suggest that many many many people are getting this rubbish.  Apple needs to clean up, and trap this stuff. 

  • 6. Re: How secure is iCloud mail?
    ChrisRR Level 3 Level 3 (920 points)

    Add me to the list. I have had my .me and dot mac email addresses for as long as I can remember, I have kept it strictly as a personal email address and treated it with the utmost care. Since I switched to icloud it now gets spammed by Dr Oz. So does my wife's and she has had and never used her .mac address.

     

    I don't know how this has happened, but I assume those who say it's been a breach at Apple are likely to be correct. Those who assert, assertively, that it is not an Apple failure and that my email and everyone else's were guessed - I'd like to see the evidence to support that assertion please.

  • 7. Re: How secure is iCloud mail?
    capaho Level 4 Level 4 (3,650 points)

    There does seem to be a worrisome problem with the iCloud mail system at present.  See this thread:

     

    https://discussions.apple.com/thread/4613614?tstart=0

  • 8. Re: How secure is iCloud mail?
    Javababe Level 1 Level 1 (0 points)

    My husband and I have been receiving these spam emails. At first I just deleted them, then later began marking them as junk. They are from Christine Meyer, Dr.OZ and Dr.Oz Diet. These spam emails are coming to 3 of my me.com addresses, 2 of these addresses have never been used. Two are alias, but the other is my main iCloud address. I can delete an alias, but not my main icloud address.

     

    I hope that Apple is reading our Spam problem and will address it soon. I've never had spam with my Apple mail until this started.

  • 9. Re: How secure is iCloud mail?
    kyte Level 1 Level 1 (5 points)

    what a pain to be forced to delete aliases though. 

     

    How's everyone else going?  Since junking and reporting the spam I've had... I have had no more.  Its been ~24 hours now.  Perhaps the spammers are taking a break, or perhaps Apple has put something specific in place now so many of us have reported this particular campaign.