I am constatnly getting 'reset apple id' emails.
Yesterday I got a notification that someone in Taiwan had downloaded Throne Wars on another device not associated with my account - luckily a free download so I cahsnged my password straight away.
today so far I have had 7 emails about resetting my apple id.
Who do i report it to!? What can be done?
Thanks
another fantasy of slot victim...Sigh....
Yesterday I had two free game purchased (panda pop & candy heroes) from Taiwan as well. Did not know it, only saw the email about Panda Pop this morning being downloaded from a device that had not been previously associated with my acount.
What is interesting is that after that email had been received (about 1:30 pm), I was leaving the house about 6pm and was checking my Mac Air, I got a message about my iCloud session being timed out, and when I went to go re-sign in, it REQUIRED me to change my password. I have never seen the iCloud session expire before or a password change being required for an expired session. So I wonder if they have implemented some security if they suspect a person has been hit with this hack?
Panda pop seems to be the latest app to be downloaded after Apple ID compromise - just seen nearly 10 tweets from people in the last 2 days on this. I've asked them all to take a trip over here and add their stories, if they can.
I know Apple won't respond on here, but your story is *fascinating*. I work in IT - communications tech, mainly, but I know a bit about comms protocols, databases etc. The fact that you were required to change your iCloud password (i.e. your Apple ID password - they're the same thing) looks like a dead giveaway. I've never had my own Apple ID demand I change my password, ever.
If I read that right, this means Apple knows what's going on, and they're trying to handle it (at this stage) by manipulating Apple ID accounts such that they're not locked, they just demand a password change from known devices.
In my opinion, if that's the case, it a half-arsed approach. They should just lock the accounts if they've detected what they (now?) deem suspicious behaviour. The Apple ID holder will soon notice if their account is locked and get in touch with apple direct.
Otherwise, you're still leaving the account open to abuse: if the Apple account owner is required to go to an apple store and prove their identity to unlock the account (or some other form of ID check) then security would be more assured.
This has been happening to me too
I think that (at least in my case) the hacker was able to access my mail account.
Before being hacked (in december 2013) my Apple ID password didn't work anymore, I reset it without thinking too much of it.
After a few days it didn't work again and I received a mail saying that a free app was purchased with my ID from Taiwan.
I went back to my mails and I saw that in the previous couple of days I received mails from Apple explaining 'how to reset my password'. I never asked to reset it so often.
So, probably, the hacker entered my Apple ID account and asked to reset my password, then went to my personal e-mail and followed the link in Apple's mail to reset.
When I realized that, I modified my e-mail password as well as the Apple ID password. Since then have still seen a couple of mails from Apple explaining 'how to reset my password' (so the hacker is still hacking) but my new password has not changed (and I had no more purchases).
So, a suggestion, if in doubt change your mail password as well.
I think this is still in play. Received a notice that my apple ID was signed in on <device name>. I immediately changed the password and security questions, and will now be watching my credit card account. Additionally, signed up for two factor authentication, but that takes 3 days (really???).
Is there a way to force the device that used my apple ID out of their session?
Need to bypassed old Apple ID on
reset apple id emails someone trying to hack my account
