Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Someone is trying to hack into my Apple account

I just wanted to make mention of some forum questions I saw similar from earlier, like in June and July. It is now mid-October.


In the past couple weeks, on at least 3 occassions, I have received similar messages from apple, probably 3 each occassion.


Hello.

To reset your Apple ID security questions and answers, simply click the link below. It will take you to a web page where you can create a new set of security questions and answers.

Please note that the link will expire three hours after this email was sent.

Reset your Apple ID security questions and answers User uploaded file

Didn’t request to reset your security information? Someone may be attempting to claim c•••••@gmx.net as their own Apple ID. Please go to appleid.apple.com to reset your password immediately.

For more information, visit the Apple ID Support site.

Thanks,

Apple Support


--------


They have all referenced the same c******@gmx.net mail adddress. Two of the 3 messages I received last night were in German.


First time: I have a strong, unique password on my appleid account: a password more than 16 random upper/lower alpha, numeric and symbols, I keep in a password safe application.


The second time I got these messages last weekend, I added 2-step authentication to my Apple account.


Last night, after getting more regarding my challenge questions, I got concerned, so I changed my strong password to another, in case they had acquired my password when Apple's Developer servers got hacked in the recent past.


As far as I can tell, I am doing everything "right" about creating, using and protecting my account.


But do you know what a pain in the rear end this is, to change a single appleid password? Each of my devices - 2 macs, iPad, iPhone - I have to change the iCloud login under settings. I have to change the logins in third party apps - my email program for example. This is a freaking nightmare.


And what really ****** me off is you hear nothing from Apple on this. They don't mention squat about what got hacked, and who's vulnerable. But someone got a hold of my account some how and is trying to complete the job and break into it.


Is there something else I should do?

iMac, OS X Mountain Lion (10.8.4), Bluetooth, trackpad issue

Posted on Oct 10, 2013 6:16 PM

Reply
12 replies
Sort By: 

Mar 25, 2017 6:59 AM in response to cstar4004

Did this finally stop for you ? Did you ever find out who was doing this? The same thing has been happening to me for a couple of weeks. I finally had to change my Apple ID cause I couldn't think of anymore passwords! Now, four days into the new Apple ID, IT HAPPENED AGAIN! This is a brand new email set up this week. I'm now thinking a phone on this account may have a virus? But we have never used a jailbroken phone. Can this even happen???

Reply

Apr 14, 2017 3:07 PM in response to KOliee

After changing our Apple ID, we enjoyed about three days with the same password before it started happening again. We have determined there is a virus of some sort on my sons iPhone even though it is not a jail broken phone. Our guess is he went to a site while surfing the web (he is 17 and uses his phone to avoid our firewalls) which installed a virus. As long as he doesn't sign into the cloud, all is fine. I think we will be resetting his phone to see if that resolves it. If we find a solution we will post it. This is so frustrating!! I wish Apple cared about this a bit more.

Reply

Apr 14, 2017 11:46 PM in response to khgaf

We have determined there is a virus of some sort on my sons iPhone even though it is not a jail broken phone.


Assuming his device is not in reality, jailbroken, there are no known viruses for an up-to-date-iOS device. How do you know for certain it's not jailbroken?


He may have installed a profile which allowed him to "side-load" apps outside of the iOS App store. This may introduce apps that are capable of harm. So, not a virus, but also not an app that went through Apple's typical vetting process.


Profiles are meant to allow app developers to have users get their app pre-release for testing purposes. Before it's on the App store.


Apple cares but can't possibly control all the 17 year olds that use their devices.


Adding 2FA should effectively end this for you. There may still be attempts on your Apple ID, but instead of locking your account, the "attacker" faces the demand for a verification code. Once they fail this step, your account is not locked.


You may get real time notices of attempts, which is annoying, but no locked account.


Stop sharing an Apple ID with him is another advocated resolution. They should not be shared these days. there really shouldn't be an "our Apple ID"

Reply

Oct 10, 2013 7:02 PM in response to chuckfromgreenville

Is there something else I should do?


You are doing everything right and you haven't been hacked. The only action you have not yet taken is to change your Apple ID.


It is very likely that someone is convinced your Apple ID is really theirs, and they're repeatedly attempting to reset their password. They click on the link to send an email to have it reset. You get the email with the link to reset it. If you did not request your password to be reset, the obvious thing to do is to ignore it.


Far from concluding this is a security flaw, it validates Apple's account security. By not responding to the email, you effectively prevented whoever is initiating the password reset request from getting any further.


It's a good idea to change your Apple ID password once in a while, but you do not have to change your password every time you get an email like that. Ignore it, but you will continue to get the email every time some hapless individual thinks your email address is their Apple ID. This can occur to anyone, as long as Apple uses email addresses for Apple IDs.


Safeguard your Apple ID just like you would any other personal information. It's probably not a good idea to use the usual email address you publicly use.

Reply

Oct 10, 2013 7:48 PM in response to John Galt

This may be so - in that someone thinks my appleID is theirs; however


My appleID is unique (diff. from the ID I use on this forum), in that it is same ID that was available on Facebook, on Google, on Yahoo, available for domain registrations (.net, .com, .org, .me, .whatever), same as on Tumblr, or Twitter, or in fact any social network site I visit, any forum or developer website. I have not found this User ID in use on any other website I have created a login account. I have never had to add numbers or anything else to this ID in order to register on any other website.


So I find it strange that someone thinks this ID is theirs, or similar enough that they keep trying to reset the password.


I am also careful not to respond to spam solicitations, the email harvesters. However, its possible someone obtained my email/appleID via such methods, some email. I do believe they are now using it to try to gain access to my AppleID account.

Reply

Oct 10, 2013 8:08 PM in response to chuckfromgreenville

Sure, malicious intent is certainly possible. They'll eventually grow tired of it.


You might try contacting iTunes Store Support. Start here:


http://www.apple.com/support/itunes/contact/


... and navigate until you arrive at the page shown below. Click the circled button.


User uploaded file

Reply

Oct 10, 2013 11:40 PM in response to chuckfromgreenville

If I understand you correctly the address which forms your Apple ID is not an @mac.com, @me.com or @icloud.com address - this being so you can change it at http://appleid.apple.com - I should get another email address, perhaps a free one from Gmail, which you could make a meaningless username, and change the ID to that. If someone's trying to log in with the existing ID doing so will put a stop to it.


Changing your Apple IDFirstly, if you have 'Find My iPhone/iPad/iMac' enabled on any of your devices, turn it off.


Create a new email address, for example at Yahoo or Gmail, or anywhere convenient (or you can use an existing address asa long as it has never been associated with an Apple ID).


Go to http://appleid.apple.com and click 'Manage your Apple ID'. Sign in with the current ID.


Where it says 'Apple ID and primary email address' and gives your current ID email address, click 'edit'.


Enter your new address and click 'Save changes'.


Now you will need to go to each of your devices and sign out in System Preferences (or Settings)>iCloud - 'Sign out' on a Mac, 'Delete this account' on an iOS device (this will not delete the account from the server).


Then sign back in with your new ID. Your iCloud data will disappear from your devices when you sign out, but reappear when you sign back in.


I re-iterate: before you start, turn off 'Find My Mac' (or whatever) or you will need the services of Support.

Reply

Nov 7, 2016 8:27 AM in response to chuckfromgreenville

This happened to me as well. I am constantly getting locked out of my account and asked to change my password and verify security questions.


I keep getting a message on my phone that someone has tpp many failed login attempts.


I than got a random text message in Chinese, that roughly translated to "Liar, pig ancestor". I responded, "stop trying to steal my Apple ID, i will call the authorities."


The problem stopped for a week or two, and now Im beeing locked out again....

Reply

Someone is trying to hack into my Apple account

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.