PMA9458 wrote:
Thanks for the quick response!
I definitely did not select that profile pic and have no clue where it came from.
Would we be having this discussion if you remembered making the change?
Probably not, right?
It used to be an image I actually selected.
Would you be having similar concerns if the default icon showed changed?
Probably so, right?
Is corruption the same as hacked?
A data corruption can arise from a software error, or a hardware error. Corruptions are unfortunately an aspect of computing, and you’ve probably already met unreadable files or garbled data. Those would be some of the examples of corruptions.
Sorry not familiar with terms here.
Please do not apologize for learning something new. You are clearly unfamiliar with computers and related jargon, and may well be unfamiliar with English and its technical vernacular.
As mentioned above, proving you’re not hacked is basically impossible. Proving a negative is a difficult undertaking, at best.
Is a changed login icon clear evidence of a malicious change made by a nefariously-inclined hacker? Probably not.
What are the possible causes of the login icon change?
- You made the change, and either didn’t realize the change was made, or made the change and then forgot. While that might seem unlikely, it is a case I’ve met in more than a few engagements with some folks.
- Somebody else local with access to an unlocked Mac or with your password or Apple ID made the change as a prank or such.
- There was a data corruption here. These data corruptions can arise from various causes, including memory errors with various causes including cosmic rays (yes, really), software bugs, and hardware bugs. While we might wish our hardware and our operating system and our apps to be flawless, and might wish our hardware be proof against transient errors, that is far from the reality that we reside within.
- You got hacked by somebody that has then made an unusually benign change. This case is possible certainly, but the cases of, for instance, data corruptions, or of folks making and then forgetting they themselves made the change have been far more numerous in my experience.
Here, the most likely cause is probably a data corruption, if not a change made by somebody locally.
If you want to look at your own security for a potential compromise, that gets into rather more effort, both around changing passwords and tokens and the rest, and rebuilding your whole environment. Rebuilding? Yes. You can't assume that there is no backdoor also left by someone with access into the user database to change that icon. They would have full system access, which means restoring a backup would potentially restore the backdoor.
And again, it’s basically impossible to prove that there is no compromise of your Mac.
Is a malicious compromise likely? No. Can anybody here prove that? Also no.
Here is an intro into what preferably happens after an Apple ID is compromised:
Depending on the particular situation and details, this can get into far more work.
TL;DR: life is uncertain.