iCloud security hole allows account hacking

Rafagon

Genius
Gold
Dec 7, 2011
7,566
1,254
113
45
Miami, Florida
#1
The Verge is reporting that through a new security hole in the iCloud system, bad people are able to hack into your account knowing only your e-mail address and date of birth.

You're immune if you've enabled Apple's new two-step verification process; however, enabling it requires you to wait three days, for security reasons.

If you feel at risk, you can charge your birthday on icloud.com to something other than your real birthday, limiting your chances a potential hacker will get into your account.

UPDATE: Fixed.
 

jmp316

Evangelist
Gold
Jul 10, 2008
1,048
141
63
#3
I don't know about the 3 days, I set up the two step verification in about 5 minutes...
 

Kadelic

Genius
Gold
Jan 4, 2010
4,945
1,646
113
Dallas, TX
#4
Thanks y'all, I just set up the two step process for my account. :)
 

jmp316

Evangelist
Gold
Jul 10, 2008
1,048
141
63
#6
It will be three days before they send you your verification code and security key. Or some kind of key.
They made me "print" a copy of my security key. I was given it online. What other key are you referring to?
 

Kadelic

Genius
Gold
Jan 4, 2010
4,945
1,646
113
Dallas, TX
#7
They made me "print" a copy of my security key. I was given it online. What other key are you referring to?
That's the key I was talking about. The email I received said I would be three days before I got my security key. Maybe they added the three day policy after you got yours, IDK?
 

RoofMonkey

Genius
Gold
Jun 21, 2010
8,891
2,057
113
Florida
#8
That's the key I was talking about. The email I received said I would be three days before I got my security key. Maybe they added the three day policy after you got yours, IDK?
I also received the same email... Having to wait 3 days
 

Rafagon

Genius
Gold
Dec 7, 2011
7,566
1,254
113
45
Miami, Florida
#9
I want a countdown timer instead of a definite point in time. À la Mailbox.
 

Europa

Moderator
Senior Moderator
Dec 12, 2008
28,453
5,578
113
Utah
#11
It said I have to wait three days as well.
 

jmp316

Evangelist
Gold
Jul 10, 2008
1,048
141
63
#13
I got mine in about five minutes. They made me re-enter it just to make sure I wrote it down.
This is how I received it as well. Wondering why some have to wait 3 days...
 

Rafagon

Genius
Gold
Dec 7, 2011
7,566
1,254
113
45
Miami, Florida
#14
Apple has begun sending iCloud e-mail alerts to users when their iCloud account is accessed via web. However, as one commenter on that story was quick to point out, if an intruder has accessed your iCloud web services, that means he or she has access to your iCloud e-mail and they could simply delete the alert e-mail from Apple. Somehow, this doesn't seem like one of Apple's brightest ideas.

I guess it would help if your Apple ID is set to something other than xxxxx@me.com or xxxxx@icloud.com.
 

Ledsteplin

Genius
Gold
Oct 29, 2013
4,843
997
113
65
Florence, AL
#15
Apple has begun sending iCloud e-mail alerts to users when their iCloud account is accessed via web. However, as one commenter on that story was quick to point out, if an intruder has accessed your iCloud web services, that means he or she has access to your iCloud e-mail and they could simply delete the alert e-mail from Apple. Somehow, this doesn't seem like one of Apple's brightest ideas.

I guess it would help if your Apple ID is set to something other than xxxxx@me.com or xxxxx@icloud.com.
There's no threat. Apple is doing this as a PR move. Period. It's called "perception". They hope to alleviate fears of using iCloud.