Icloud account just got hacked

It's both encouraging and discouraging seeing so many people posting the same problem in the past day or so here. It's encouraging because it further strenghens my belief that the issue is not that some malevant individual accessed my account by somehow guessing or brute forcing his/her way through my pseudoly randomly generated 15 alapha-numeric character password. It's discouraging because that indicates that Apple's servers most likely got hacked, which presents a much more systemic and insidious security issue.

Again, everyone who this happens to, please call Apple (1-800-263-3394). I can practically gurantee that they are not monitoring these forums, so if no one is calling them, they're not going to be aware of the problem. If this is a more systemic and insidious issue, they need to be aware of it to stop it.

Please note, given my discussion with the Apple rep on the phone, they may try to tell you you are being phished and it isn't really your email account that is sending the spam. Make sure they understand that the spam is in your "Sent" folder and is being sent from your account. They need to understand that your account was actually hijacked.

iCloud data also lives on your machine or device. If you have sneaky apps or malicious software, your contacts could be harvested locally. There is no proof that Apple's iCloud servers were hacks. There is proof that both sneaky apps and malicious software exist.

Exactly the same thing happend to me, only me contact list too.

While I don't use it, its automatically present here on OSX yet my OSX machine is protected through antivirus and additional security measures which ensure the system integrity constantly.

Also it does not seem like someone really got hold of my account as no transactions took place against any of the Apple stores.

Lucky enough access to my icloud account got blocked, I guess the fact that the apple dev connection is in my mailing list triggered an action on their end after they got spamed too 😉

While I Agree with you that there is no proof of an iCloud breach (and lets face it, if it happened - Apple probably would probably not acknowledge it unless it concerns millions of accounts) - the thought that everyone here downloaded the same malicious app which uses their iCloud contacts (not gmail or exchange for my part, just iCloud) to send the same type of spam seems a bit too coincidental.

What really scares me, if iCloud has been breached, is the amount of sensitive data that could be stolen and abused - not to mention the GPS tracking feature :/

Ignore his response, he answered without knowing the details of the issue at hand.. As long as unknown spam mails are in your sendt folder in iCloud - some intruders have broken into your account one way or another. Creepy stuff...

etresoft wrote:

iCloud data also lives on your machine or device. If you have sneaky apps or malicious software, your contacts could be harvested locally. There is no proof that Apple's iCloud servers were hacks. There is proof that both sneaky apps and malicious software exist.

Yes, it is very true that sneaky apps and malicious software do exist, and that was the first thing I considered when I learned that my account had been used to send spam, as it did not seem likely that someone had gained access to my account through guessing or brute force. So, I thought "uh oh, I picked up a keylogging piece of malware." However, this seems highly unlikely to be the case for several reasons.

1) In addition to using a firewall and being extremly careful with how I use my technology (I worked in IT providing, among other things, network security consulting for a number of years, so I learned a few things about staying safe online), I run security software on my computer. It is always running in the background, and I have it scheduled to also do an entire system scan once a week. I do also regularly check what processes are running, and everything is as it should be. Although malware does exist that can escape the notice of even the best security software, I feel confident that my computer is not compromised.

2) I never use icloud.com, have never used my @me email address on any device, and do not allow my web browser to retain log-in data for any website. Thus, even if I did have a keylogging piece of malware on my computer, it would not have had the opportunity to grab my iCloud password. Furthermore, I used a unique password for my iCloud account, so a malicious program could not have harvested a password for a seperate account that I use more often and applied it to iCloud.

3) There are a small group of users who report identical behavior in this thread, however I doubt that this represents everyone who has been compromised. Indeed, when I worked in IT, had we seen a pattern of even this size emerge in terms of nefarious network behavior, we wouldn't have paniced or assumed that we had been compromised, but we would have flagged the issue for further review, which is what I would like Apple to do, just to be safe.

This is why I want people with this issue to call Apple and let them know if their account has been hijacked. Yes, there are many possible explanations for what has happened, and iCloud servers being compromised is only one possible scenario. As users, we are not able to determine for sure what has happened, but letting Apple know about the problem at least ensures that if a pattern does emerge suggestive of nefarious activity, they can detect and counter it.

I must have called Apple more than ten times in the past 30 minutes. No one answers! It just keeps on ringing. I will continue calling.

I take security breach seriously and it is unsettling that Apple might not heed this issue. This happened once to my hotmail account and they promptly responded to the threat.

clroxas wrote:

I must have called Apple more than ten times in the past 30 minutes. No one answers! It just keeps on ringing. I will continue calling.

I take security breach seriously and it is unsettling that Apple might not heed this issue. This happened once to my hotmail account and they promptly responded to the threat.

If there is anything guaranteed, it is that Apple takes security issues very seriously. I'm sure they are already looking at it. I only found this thread from reading about it on some other blog. Contrary to what the media and Apple's competitors want people to believe, Apple is on top of any potential security issue and will do everything they can to find and correct it. The first step is to find out exactly what happened and that is likely to take a while.

etresoft wrote:

clroxas wrote:

I must have called Apple more than ten times in the past 30 minutes. No one answers! It just keeps on ringing. I will continue calling.

I take security breach seriously and it is unsettling that Apple might not heed this issue. This happened once to my hotmail account and they promptly responded to the threat.

If there is anything guaranteed, it is that Apple takes security issues very seriously. I'm sure they are already looking at it. I only found this thread from reading about it on some other blog. Contrary to what the media and Apple's competitors want people to believe, Apple is on top of any potential security issue and will do everything they can to find and correct it. The first step is to find out exactly what happened and that is likely to take a while.

In your opinion, what steps can we take at this point to prevent further hijacked sending of spam mail aside from the following steps that I have taken?

1) Deleted all contacts in iCloud.

2) Changed password in my account.

3) Logged out of iCloud from all my devices.

4) Scanned my computer (not iphone) for any malicious programs.

5) Disabled contacts and email syncing.

While it's possible it could be an application on an IOS device, I haven't installed anything other than mainstream applications that I'm pretty sure a large number of IOS users use. If it's Angry Birds, we're all *screwed*.

As far as keyloggers and the like go, I doubt those too. While possible, my main machine is a FreeBSD (Not Mac OSX, real FreeBSD) desktop. Are keyloggers possibly an issue? Sure, but I doubt it. I've done some digging and found nothing. My Windows machine hasn't been on in a while until yesterday after the spam was sent out. I've checked this machine also using some LiveCDs, and found nothing of significance.

If the Apple mail servers were not compromised in some way, I'm beginning to suspect maybe some vulnerability on my phone. It's possible that some website exploited Safari in some way to use information present on my iPhone, as I was using it to browse some websites yesterday.

Unfortunately, it seems to be the general consensus on the Internet (See http://forums.appleinsider.com/t/150147/users-raise-questions-about-apples-secur ity-after-icloud-hacks) that we were scammed somehow, or duped into giving up our passwords. I find it strange that the long headers on the sent mail show that they were sent via MobileMe Webmail. Seems to imply that the SPAM was sent via the webmail interface and not directly via Apple's SMTP servers.

clroxas wrote:

In your opinion, what steps can we take at this point to prevent further hijacked sending of spam mail aside from the following steps that I have taken?

I'm not an Apple employee or representative. I'm just some dude on the internet.

All I can tell you to do is just check your sent mail on icloud.com. The only way to definitively say someone else has been in your icloud account is if there are sent messages there that you didn't send. If people report being spammed by you, that may not mean anything. I spam myself on a regular basis.

Changing your password is always a good idea and can't hurt. It is a good idea to change passwords on a regular basis anyway.

I see no point in removing anything from iCloud. If you have already been hacked, then they have your contacts. What are you trying to hide now? Otherwise, don't worry too much about it. Logging out won't help either. If you have some evidence, just submit it to Apple so they can track it down.

tsnow20 wrote:

Unfortunately, it seems to be the general consensus on the Internet (See http://forums.appleinsider.com/t/150147/users-raise-questions-about-apples-secur ity-after-icloud-hacks) that we were scammed somehow, or duped into giving up our passwords. I find it strange that the long headers on the sent mail show that they were sent via MobileMe Webmail. Seems to imply that the SPAM was sent via the webmail interface and not directly via Apple's SMTP servers.

That's where I found this thread. Now I'm just waiting for it to get repeated all over the internet. Any story about Apple gets headlines. Bonus points if security is involved.

At this point, all anyone can do is speculate. If anyone has send messages in icloud.com, then they need to contact Apple. They are the only ones who can figure out what is really going on, if anything.

etresoft wrote:

.....

I see no point in removing anything from iCloud. If you have already been hacked, then they have your contacts. What are you trying to hide now? Otherwise, don't worry too much about it. Logging out won't help either. If you have some evidence, just submit it to Apple so they can track it down.

The problem is the email sent all over also includes all the CC. My wife found out that I still have my ex-wife's email and other friends, inadvertently of course. Personal as it may seem, my privacy has been compromised involuntarily. Of course, I just made some technical jargon excuse that she did not buy at all.

clroxas wrote:

The problem is the email sent all over also includes all the CC. My wife found out that I still have my ex-wife's email and other friends, inadvertently of course. Personal as it may seem, my privacy has been compromised involuntarily. Of course, I just made some technical jargon excuse that she did not buy at all.

Yes, that is a problem. But just because you remove your contacts from icloud now doesn't mean the spammers are going to remove them from their database. Otherwise, all you are doing is denying yourself convenient use of your contacts. The damage is done. Change your password and move on. If it really is a security breach, Apple will patch it, tell you to change your password again, and everyone moves on.

Nobody's perfect. No one ever claimed Apple was. We just claim that Apple gets closer to the goal of perfection than anyone else. 28 posts in a support forum thread isn't going to change that.

Just adding my voice that I got hit as well.

-Eric