Currently Being ModeratedJun 21, 2013 3:05 AM (in response to Robbie_DB)
A lot of people have complained of this. It seems unlikely that this has come from Apple given the constant repeats, and may well be a phishing attempt. In any case do not click on any links in it.
If you feel you need to reset your password, go directly to http://appleid.apple.com . Remember you will need to sign out and in again on all your devices and services which use it.
The long header of the message may indicate whether or not it actually came from Apple. It would be useful to have it posted here, but if you do so, remove your email address from it first. To view the long header, open the message and hit command-shift-h.
Currently Being ModeratedJun 21, 2013 3:14 AM (in response to Roger Wilmut1)
Thanks for the reply. Well, the messages have all looked pretty genuine to me. I did suspect phishing. But I post the header of one of the messages here for you to look at (I replaced the e-mail address I received this at with xxxxxxx),
Authentication-Results: hotmail.com; spf=pass (sender IP is 126.96.36.199; identity alignment result is pass and alignment mode is relaxed) email@example.com; dkim=pass (identity alignment result is pass and alignment mode is relaxed) header.d=id.apple.com; x-hmca=pass firstname.lastname@example.org
X-Message-Info: NhFq/7gR1vSKhFmi4WwI4Kh+Jze51X5wgInS0JduvrOdSaFTCph9nVA6i4NSGGdPKTQrKHWmmRjxuPh W+yb65g0nWJ5Pv3v3U0Y16wRI3GF7ic88vkBs5FHMIHRvUNo0ssXxUuYlEImyjTvgUNEr903mBNzDumR 96fhCpSDKKTk=
Received: from nwk-txn-msbadger0303.apple.com ([188.8.131.52]) by SNT0-MC1-F47.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Thu, 20 Jun 2013 12:22:13 -0700
DKIM-Signature: v=1; a=rsa-sha1; d=id.apple.com; s=id2048; c=relaxed/simple;
q=dns/txt; email@example.com; t=1371756132;
Date: Thu, 20 Jun 2013 19:22:12 +0000 (GMT)
From: Apple <firstname.lastname@example.org>
Subject: How to reset your Apple ID password.
X-Sent-To: xxxxxxxxx,2,k%2BmjWPCFEH1m5ry2zndhAmumlP8MsmMaHe88qBcDnaPdpSUceY3G8Djxz9L1r6zoB 4HegNyyOPjbx9zID3YEggObuZpSmV2CkZWjESqBHrXLjl2G02R8iCtAjtOxvPHqKDsDoHsju279MsU%2 Ff4WVTH3LP6nfHzf3zGvykU1pJ7M7eDsoSMm2UMknvlH9t8MtJ8Xv6dntb61x4BPv27kXYlSMiMYTG9o 6gCACdJc3QNcnG46qm8Dv8BznNl%2FMrGML%2F7ZFE4a2emYbfEV1ALKJ7Ay9%2B7O9of1urER0Xx6AT KpgUJAtGRG705NgQOobqy2DSiY746i04hJyHJbrrWZdTQ%3D%3D
X-OriginalArrivalTime: 20 Jun 2013 19:22:13.0141 (UTC) FILETIME=[77966450:01CE6DEB]
Currently Being ModeratedJun 21, 2013 3:28 AM (in response to Robbie_DB)
Yes, it does appear to be genuine. Why so many people are receiving this, and repeatedly, is not clear. It may indeed by that there are repeated attempts being made to access people's accounts illicitly which is then triggering these emails automatically.
As long as your password is a solid one - not a dictionary word, and it should be at least 8 characters long (12 is better) and contain at least one upper case character and one numeral) - you can probably just ignore it.
Currently Being ModeratedJul 12, 2013 1:47 PM (in response to Robbie_DB)
I received several messages of this type this morning. After a considerable amount of research, I still don't know what to do.
The emails were addressed to my Apple ID Recovery email address, which definitely made me wonder if my account had been compromised. (I set up two-step verification when it first came out.)
Although the emails seemed to have come what appeared to be a genuine Apple email address, and the links took me to what appeared to be a legitimate, secure Apple website, the whole thing did not seem right.
I spent a half-hour on the phone with Apple service regarding the issue but did not get any definitive answers. Are the emails legitimate? What caused this? Was my account secure? Did something happen that triggered a bulk email being sent out?
The best the tech could offer was to change the password on the AOL email account that is my email recovery address.
I have not made any changes to or inquiries regarding my Apple account/ID/password since I set up two-step verification when it first came out. So far, I have not noticed any unauthorized activity on my account.
I haven't found any clear answers on Mac sites; does anyone have further information? So far, I do not feel reassured. I'd prefer not to reset my Apple ID password as I have a number of devices.
Thanks, everyone.Mac OS X (10.7.5), 2.3 GHz intel Core i5
Currently Being ModeratedJul 12, 2013 3:46 PM (in response to Robbie_DB)
I'm an iTunes user only, and have been getting hit with "iForgot" emails from Apple for a couple weeks now. About 1 to 2 emails every couple days.
The first time it happened, I also suspected a phishing attempt. But the links in the email all seemed genuine and the email header looked almost identical to the one posted here. Still, rather than risk it, I signed into iTunes and did a reset from within the app, changing my password to something completely new.
Within a couple days, I got the same email, and it's repeating still. My password is fine (obviously, since I was able to sign into the community forums), yet I still keep getting the reset password emails.
This is very concerning, as my credit card information and purchasing rights for music are tied into my iTunes account and controlled by this password. I can't find any official comment from Apple about this, weither it's a glitch in their system, or a hacking attempt or what. I'd like the emails to stop, but I'd like to know what's going on too.
Currently Being ModeratedJul 15, 2013 4:05 AM (in response to Robbie_DB)
I'm glad I'm not the only one having this problem. It's freaking me out! Started 2 weeks ago and happens now almost daily.
I also get prompted for my password continuously when I'm using an app or just trying to look at photos etc. I click 'ignore' or 'cancel' and it goes away, but I'm worried some scammer is lurking there waiting for me to do something that will trigger IPad Armageddon.
I'm checking my bank account every whip stitch in case 'the spooks' have managed to hack into it and rack up fraudulent purchases at my expense.
Can't Apple do something about this? Please??
Currently Being ModeratedJul 19, 2013 8:20 PM (in response to Robbie_DB)
I just started getting these emails today also and found it odd. Then found it even more odd that so many people are having this same issue and Apple has not made one comment (that I could find) on it, at the very least to say they will be looking into the problem.
Is it possible that it may have something to do with in-app purchases over a certain dollar amount? I recently made one over my usual .99 cent purchases, and the next day the emails started rolling in. All unrequested. Anyone else have this coincidence? Maybe app makers are selling apple IDs to phish?
Currently Being ModeratedJul 22, 2013 4:23 AM (in response to Robbie_DB)
I'm still getting this at least a couple times a week, and unforutnately it's sometimes followed up with a genuine "Your Apple ID password has been reset" email, forcing me to go in and change my password (which is a random set of numbers and letters). I don't click any links in the email, but instead go to the Apple website where, sure enough, my password is no longer mine.
What's going on with this? This is a pretty big security problem.
Currently Being ModeratedJul 22, 2013 11:10 AM (in response to David Karl)
I have received 2 emails today about resetting my password - 6 hours apart. I am very concerned because my apple id is a defunct email address last used about 10 years ago. I think apple has had a breach of security.
Currently Being ModeratedJul 22, 2013 12:34 PM (in response to Kiyohime)
I too am getting this emails about resetting my password. Something is clearly going on here. I'm somewhat glad it's not limited to me, since hopefully it'll make Apple move quickly to resolve whatever problem is obviously going on.
Currently Being ModeratedJul 22, 2013 1:52 PM (in response to Robbie_DB)
I received these emails too, but not on the primary emailaddress connected to my appleid. I don't remember ever receiving mail from my appleid on this emailaddress. Also normally the email is not in English but in my local language. That's why I have some doubts that it's real.
However, it had my name correct, I think, I already deleted the emails. Still a bit worried and changed my email password to something more complicated to be sure.
Currently Being ModeratedJul 22, 2013 2:04 PM (in response to Robbie_DB)
I have also been receiving these e-mails and like Welshgirlinsurrey I'm constantly being prompted for my password, but on a few occasions it has been wrong!!!! I have changed my password now so many times that I'm running out of ideas. Is it my phone, is it my apple id, am I being hacked??? Help
Currently Being ModeratedJul 22, 2013 4:01 PM (in response to Robbie_DB)
I was constantly being prompted by my password before I started getting the unsolicted password resets so I don't know if that's related.
I just enabled 2-step verification so we'll see if those emails stop. I assume my phone is going to blow up with verification codes so I'll know when someone was trying to get into my account but I'll be able to ignore it because they won't have my phone/recovery key. Really didn't want to have to input a code to buy a 0.99 cent song but I guess I don't have a choice.
Currently Being ModeratedJul 22, 2013 4:51 PM (in response to Robbie_DB)
Been getting this for the last few days. About 3 hours between e-mails.
First few times, I didn't think much of it. Checked my account, and no activity.
This is definitely a problem.
I would suggest a maximum of a certain amount of these requests, in a 72 hour period.
Say a maximum of 5.
That way Apple can start figuring out which ones may be compromised, and which ones are safe. At the very least, that might help.