Icloud account just got hacked

I just received a bunch of emails from my friends saying that they got a spam email from my "me.com" account address.


What the heck is going on here? Nothing else was messed with on my account, just a bunch of random spam emails in my sent box.

Posted on May 16, 2012 4:37 PM

136 replies

May 16, 2012 4:51 PM in response to Kallidoan

This happened to me too about 30 minutes ago. I never use my @me email for anything, and I guarantee someone didn't break into the account by guessing my password (or brute force methods) - it's a pseudo-randomly generated string of 15 numbers, letters (upper and lower case), and symbols (I worked in IT for many years and am perhaps overly zealous about password security, which makes memorization a real pain). I'm worried that Apple's iCloud servers themselves got hacked, as I see there are a few other people on the forums who are reporting that their account was used for spam in the past few hours.


Just to verify, my account sent spam about "making money on your home computer" which is what another user on this forum has reported. Is that what your account was sending? If we're all sending the same spam, that doesn't bode well...

May 16, 2012 6:05 PM in response to solargaze

Exact same thing happened to me as well. It sent out a bunch of spam mails to people in my address book via the me.com mail - including my own gmail account. Funny thing is I have never used it. I have been logged in to me.com/iCloud only once I believe, and that was last summer.


It seems weird, but somehow they managed to send out all those messages about making money doing this and that. When I checked the sent box on the website they were all there, sent to pretty much every contact on my iPhone.


Just to be on the safe side I changed the password to something even more difficult than the previous one I had. Pretty much the same deal as solargaze; letters, symbols, numbers, upper and lower case - about 15 of them.

May 16, 2012 6:46 PM in response to Kallidoan

Just had the same problem. I'm an IT professional with 10 years experience, and wouldn't fall for a phishing scam even on my drunkest of days. No, my password wasn't guessed either. Trust me.


114.181.130.212 (i114-181-130-212.s05.a013.ap.plala.or.jp) shows in the long headers for the outgoing mail as the sending IP address. I changed my password immediately after receiving some of the spam back to my icloud account (I had it on my contacts list).


These were contacts ONLY in icloud, I might add. I have a great deal many more contacts in Outlook / Thunderbird, none of which were spammed. Even stranger, I have access to several of the accounts the spam was supposedly sent to, and none of them show these messages in either Junk / Spam folders or Inbox. I'm wondering if some upstream mail server might be quarantining some of this, but who knows.


What the eff is going on here, Apple?

May 16, 2012 8:20 PM in response to tsnow20

I called Apple to let them know what had happened with my account and explained to them that my password was not simply "guessed" as guessing a long string of pseudo randomly generated letters, numbers, and characters is not likely. The guy I talked to said they had no other reports of such an issue but would make a note of it in case other reports came in and a pattern emerged. So, I encourage anyone who this has happened to to contact Apple via phone and let them know that it's an issue. I notice since then my iCloud account has been deactivated and has needed to be reset, and that even after resetting, my @me email account is not available, so I am suspicious that Apple probably is aware of an issue and is being hush hush about it. But still, please call Apple if this has happened to you (they can be reached at 1-800-263-3394), and be sure to tell them that it isn't phishing, but that the email is definitely coming from your account and you can see it in your "Sent" folder.


The scary thing is, if someone didn't guess (or brute force) the password (which, at least in my case, I'd be shocked if they did, because that would be one heck of a lucky guess), it means they got access to our accounts through some other exploit that bypassed the password. I'd like to know how this happened, and what, if any, of my other Apple information they might have accessed. If they didn't guess the password but rather somehow bypassed the password, then changing a password doesn't guarantee safety of the account.

May 16, 2012 9:35 PM in response to kroser

SPAM messages are sitting in my sent mailbox when I log into icloud.com, however, I don't see these messages sitting in the sent box for Outlook using IMAP. Also, I've been checking the other mailboxes some of the SPAM was sent to, and none of them have received any of the messages. These are all on different domains, so I suspect something else is going on here.


Perhaps:


  1. Apple deferred sending more messages because the IP address using my account had already sent enough messages to exceed some quota (and will still send these messages out, eventually?)
  2. Apple caught the spam at the server, and never sent the mail out. The reason I received a copy of the spam was because I have my @me address as a contact, so the mail would've been a local delivery on Apple's servers.


Just to clarify further, the spam showed my @mac address as the sending e-mail address. I saw subjects similar / exactly like the ones solargaze described.

May 16, 2012 11:59 PM in response to tsnow20

Yep, I too got hacked last night.


Every contact in my address book got spammed - all the emails have a similar header


Subject: Re:

Date: 16 2012 17:58:55

X-Mailer: MobileMe Mail (1J25+8525)

X-Originating-IP: [202.147.217.223]

Message-id: <fca3f77d-04a0-4158-ef93-df4b1752e79a@me.com>

Content-Type: multipart/alternative; boundary=Apple-Webmail-42--6a4db092-507b-6e83-a088-b20340ac2bb0

MIME-Version: 1.0


I do not use my icloud email for anything.


Is there a way to disable sending email from the icloud account?


I have changed my icloud password.


Cheers David
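An added example (not part of the original posts): a small Python triage over the headers of messages found in a Sent folder, grouping them by X-Originating-IP and X-Mailer and flagging submissions from addresses outside the account owner's own networks. The first sample reuses headers posted above; the second message, the 192.0.2.0/24 "known network" and all function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from email import message_from_string

# Headers as posted in the thread above (Date and Content-Type lines omitted).
POSTED = """\
Subject: Re:
X-Mailer: MobileMe Mail (1J25+8525)
X-Originating-IP: [202.147.217.223]
Message-id: <fca3f77d-04a0-4158-ef93-df4b1752e79a@me.com>
MIME-Version: 1.0

"""

# Constructed sample: a message submitted from the owner's own network.
CONSTRUCTED = """\
Subject: lunch?
X-Mailer: ExampleDesktopClient 1.0
X-Originating-IP: [192.0.2.10]
Message-id: <constructed-0001@me.com>

"""

def originating_ip(msg):
    """Return X-Originating-IP as an ip_address object, or None if absent or invalid."""
    raw = (msg.get("X-Originating-IP") or "").strip().strip("[]")
    try:
        return ipaddress.ip_address(raw)
    except ValueError:
        return None

def triage(raw_messages, known_networks):
    """Group messages by submitting IP; mark IPs inside the owner's known networks."""
    nets = [ipaddress.ip_network(n) for n in known_networks]
    report = defaultdict(lambda: {"count": 0, "mailers": set(), "known": False})
    for raw in raw_messages:
        msg = message_from_string(raw)
        ip = originating_ip(msg)
        entry = report[str(ip) if ip else "unknown"]
        entry["count"] += 1
        entry["mailers"].add(msg.get("X-Mailer", "unknown"))
        entry["known"] = ip is not None and any(ip in n for n in nets)
    return dict(report)

def suspicious_ips(report):
    """Submitting IPs (or 'unknown') that fall outside the owner's known networks."""
    return sorted(k for k, v in report.items() if not v["known"])
```
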

May 17, 2012 2:15 AM in response to Kallidoan

same here, never used the iCloud e-mail account for anything (and I hate that apple forces it on you) but suddenly everyone in my contact list have received spam mails from that @me.com address...


has apple been breached perhaps? It seems as though several of the users here have had strict password policies (as have I).


Or maybe there is a vulnerability in the iOS software that somehow leaks these details




EDIT:


Upon logging onto icloud.com I can see that my sent folder contains 45 sent emails, with several recipients, spamming everyone in my contact list with some BS job offer.


The worst part is that iCloud has NO security info whatsoever, I can't find last log on time, last logon IP or nothing of the sorts..


It is incredible how much apple ***** when it comes to security options for end users ... I would love to get some info regarding how this hack has been done, but they do NOT make it easy ,,,


Message was edited by: øivindfromoslo

May 17, 2012 2:45 AM in response to øivindfromoslo

OK so I got a hold of a support rep at apple who helped me remove all my contacts from iCloud (don't wanna use that service anymore after this experience).


I recommend everyone to have their iCloud account shut down or at least remove their contacts from iCloud.com as it does not seem like apple can do very much about this issue.


I suspect that the entire issue is caused by some weakness on apple's end - either in the icloud.com logon part or in the iOS software (one might be able to extract iCloud logon info with a specifically crafted website or something, who knows).


I haven't logged into the icloud.com site for 6 months and never use the @me.com account so I'm pretty sure that this issue is something that Apple must look into and solve, I don't believe that it's poor security practices by icloud users that is to blame here....
