
Apple ID security bolstered, forums taken offline after apparent hack

post #1 of 12
Thread Starter 
Apple's online support discussion forums were taken offline this weekend after the site was apparently targeted by a malicious attack. The company has also increased its Apple ID account security (which is shared by iTunes) following earlier account fraud.

Discussions taken offline

Users reported that the company's official support discussion pages were unavailable on Saturday after the site first presented the message "for fun, by tojen," without any other content (pictured below).

Following the apparent hack, the site was redirected to a "backsoon/discussionstempaway" URL that simply stated, "we're sorry, Apple Discussions is temporarily unavailable. We'll be back soon. Until then, please visit http://www.apple.com/support"

The discussion site appeared to remain offline throughout the weekend for some users who entered the discussions.apple.com URL manually or arrived using a saved bookmark, but direct links to discussion forum threads continued to work and entering the discussion site through Apple's support links also seemed to work normally.

This suggests the attack may have targeted external DNS servers or Apple's content delivery partners, sending users to an incorrect or outdated address of compromised servers that had been taken offline.



Increased security measures for iTunes accounts

Some users expressed concern about having logged into the support site using their Apple ID, which for many users is shared with their credit card linked iTunes account and therefore could be used to make fraudulent purchases if the account information were actually intercepted by a third party.

To avoid any concerns, users can review their iTunes purchases for unauthorized transactions and change their account passwords. A relatively small number of iTunes accounts were targeted by fraud in July, resulting in the inflated popularity of a specific developer's apps. Apple subsequently removed the developer from iTunes.

Apple has also increased the security of iTunes accounts, requiring users to verify their account information when they log into new devices (and associate their iTunes account with that Mac, Apple TV, iPhone, iPod Touch, or iPad), and now requires that new iTunes account passwords include at least 8 characters with mixed capitalization. Logging into certain devices, including Apple TV, now prompts users to update their password to the new minimum security standard.
post #2 of 12
It's time that an iTunes account (for a specific ID) was able to have a different password than the one used for email etc.

I know I can create a different one just for iTunes but that breaks integration with iPhone stuff (email, FindMyiPhone, etc)
post #3 of 12
I am always careful.
post #4 of 12
Quote:
Originally Posted by ghostface147 View Post

I am always careful.

The problem here is that using this method, a clever hacker could easily have inserted a phishing page into the genuine Apple site, and no one would have been the wiser. Scary!
post #5 of 12
Quote:
Originally Posted by tonton View Post

The problem here is that using this method, a clever hacker could easily have inserted a phishing page into the genuine Apple site, and no one would have been the wiser. Scary!

I don't think it would have progressed that far.
iPhone 4 32GB (black), iPod touch 32GB, iPad Wi-Fi + 3G 64GB, iPod classic 80 GB (white) 160GB (black), 2x 5th gen iPod 30GB (black + white), iMac 27", MacBook Pro 17", Time Capsule 1TB, Apple TV
post #6 of 12
Apple needs to rehire their server expert, Chuq Von Rospach!
post #7 of 12
A hacked company website -- even if modest -- deserves some kind of communiqué from a Fortune 100 company. I hope Apple issues a statement tomorrow that acknowledges the problem and describes the nature and impact to its users, if any. I'm not looking to be placated; rather, I just don't want a public instance of a security symptom swept under the rug -- otherwise, it undermines public confidence at the effort behind the veil of security.
post #8 of 12
The Apple Learning Interchange was hacked last year around this same time. An E-Mail was sent out stating that some IDs and passwords may have been revealed and to take caution. They're closing the ALI in September and sending people over to iTunes U instead.

I just deleted the hack warning E-Mail a couple weeks ago, otherwise I'd give a more thorough description. I hadn't logged into my account since 2005 maybe, so I can't remember if they integrated it into Apple's universal ID system or not, but I don't think they did. Given the incredibly low traffic the ALI had and its seeming abandonment by Apple I sort of understood how a security lapse could happen.
post #9 of 12
Quote:
Originally Posted by AppleInsider View Post

To avoid any concerns, users can review their iTunes purchases for unauthorized transactions and change their account passwords.


Steve should make us change our passwords on a weekly basis to prevent Apple from looking bad.
post #10 of 12
Funny, this is not on that other site at all that claims to have everything first.

Seems that a few things are either falling through the cracks or we are just hearing about these incidents nowadays.
post #11 of 12
Quote:
Originally Posted by plovell View Post

It's time that an iTunes account (for a specific ID) was able to have a different password than the one used for email etc.

I know I can create a different one just for iTunes but that breaks integration with iPhone stuff (email, FindMyiPhone, etc)

I'd like to see Apple support PayPal as a form of payment vs credit card.

The site hack though is so much more complex. It could just as easily have been a specific ISP that was targeted, maybe "tojen" figured out his ISP hadn't installed the latest DNS patches and decided to have some fun.

If it is revealed that Apple's DNS or hosting service was hacked this would be quite embarrassing though. All in all I hope incidents like this help Apple to see they aren't invincible and that they must always have a proactive and not reactive approach.
post #12 of 12
Quote:
Originally Posted by iGod 2.0 View Post

I don't think it would have progressed that far.

Well, it's a good thing you're not doing the thinking, because that's the quickest, easiest way to collect information.
Groupthink is bad, mkay. Think Different is the motto.