iCloud security hole allows account hacking

Rafagon

Genius
Gold
Dec 7, 2011
7,566
1,252
113
44
Miami, Florida
#1
The Verge is reporting that through a new security hole in the iCloud system, bad people are able to hack into your account knowing only your e-mail address and date of birth.

You're immune if you've enabled Apple's new two-step verification process; however, enabling it requires you to wait three days, for security reasons.

If you feel at risk, you can charge your birthday on icloud.com to something other than your real birthday, limiting your chances a potential hacker will get into your account.

UPDATE: Fixed.
 

jmp316

Evangelist
Gold
Jul 10, 2008
1,048
141
63
#6
It will be three days before they send you your verification code and security key. Or some kind of key.
They made me "print" a copy of my security key. I was given it online. What other key are you referring to?
 

Kadelic

Genius
Gold
Jan 4, 2010
4,935
1,645
113
Dallas, TX
#7
They made me "print" a copy of my security key. I was given it online. What other key are you referring to?
That's the key I was talking about. The email I received said I would be three days before I got my security key. Maybe they added the three day policy after you got yours, IDK?
 

Rafagon

Genius
Gold
Dec 7, 2011
7,566
1,252
113
44
Miami, Florida
#14
Apple has begun sending iCloud e-mail alerts to users when their iCloud account is accessed via web. However, as one commenter on that story was quick to point out, if an intruder has accessed your iCloud web services, that means he or she has access to your iCloud e-mail and they could simply delete the alert e-mail from Apple. Somehow, this doesn't seem like one of Apple's brightest ideas.

I guess it would help if your Apple ID is set to something other than xxxxx@me.com or xxxxx@icloud.com.
 

Ledsteplin

Genius
Gold
Oct 29, 2013
4,804
982
113
65
Florence, AL
#15
Apple has begun sending iCloud e-mail alerts to users when their iCloud account is accessed via web. However, as one commenter on that story was quick to point out, if an intruder has accessed your iCloud web services, that means he or she has access to your iCloud e-mail and they could simply delete the alert e-mail from Apple. Somehow, this doesn't seem like one of Apple's brightest ideas.

I guess it would help if your Apple ID is set to something other than xxxxx@me.com or xxxxx@icloud.com.
There's no threat. Apple is doing this as a PR move. Period. It's called "perception". They hope to alleviate fears of using iCloud.