Apple ID security bolstered, forums taken offline after apparent hack

Posted:
in General Discussion edited January 2014
Apple's online support discussion forums were taken offline this weekend after the site was apparently targeted by a malicious attack. The company has also increased its Apple ID account security (which is shared by iTunes) following earlier account fraud.



Discussions taken offline



Users reported that the company's official support discussion pages were unavailable on Saturday after the site first presented the message "for fun, by tojen," without any other content (pictured below).



Following the apparent hack, the site was redirected to a "backsoon/discussionstempaway" URL that simply stateed, "we're sorry, Apple Discussions is temporarily unavailable. We'll be back soon. Until then, please visit http://www.apple.com/support";



The discussion site appeared to remain offline throughout the weekend for some users who entered the discussions.apple.com URL manually or arrived using a saved bookmark, but direct links to discussion forum threads continued to work and entering the discussion site through Apple's support links also seemed to work normally.



This suggests the attack may have targeted external DNS servers or Apple's content delivery partners, sending users to an incorrect or outdated address of compromised servers that had been taken offline.







Increased security measures for iTunes accounts



Some users expressed concern about having logged into the support site using their Apple ID, which for many users is shared with their credit card linked iTunes account and therefore could be used to make fraudulent purchases if the account information were actually intercepted by a third party.



To avoid any concerns, users can review their iTunes purchases for unauthorized transactions and change their account passwords. A relatively small number of iTunes accounts were targeted by fraud in July, resulting in the inflated popularity of a specific developer's apps. Apple subsequently removed the developer from iTunes.



Apple has also increased the security of iTunes accounts, requiring users to verify their account information when they log into new devices (and associate their iTunes account with that Mac, Apple TV, iPhone, iPod Touch, or iPad), and now requires that new iTunes account passwords include at least 8 characters with mixed capitalization. Logging into certain devices, including Apple TV, now prompts users to update their password to the new minimum security standard.

Comments

  • Reply 1 of 11
    plovellplovell Posts: 780member
    It's time that an iTunes account (for a specific ID) was able to have different password that the one used for email etc.



    I know I can create a different one just for iTunes but that breaks integration with iPhone stuff (email, FindMyiPhone, etc)
  • Reply 2 of 11
    I am always careful.
  • Reply 3 of 11
    Quote:
    Originally Posted by ghostface147 View Post


    I am always careful.



    The problem here is that using this method, a clever hacker could easily have inserted a phishing page into the genuine Apple site, and no one would have been the wiser. Scary!
  • Reply 4 of 11
    Quote:
    Originally Posted by tonton View Post


    The problem here is that using this method, a clever hacker could easily have inserted a phishing page into the genuine Apple site, and no one would have been the wiser. Scary!



    I don't think it would have progressed that far. \
  • Reply 5 of 11
    Apple needs to rehire their server expert, Chuq Von Rospach!
  • Reply 6 of 11
    peteropetero Posts: 94member
    A hacked company website -- even if modest -- deserves some kind of communiqué from a Fortune 100 company. I hope Apple issues a statement tomorrow that acknowledges the problem and describes the nature and impact to its users, if any. I'm not looking to be placated; rather, I just don't want a public instance of a security symptom swept under the rug -- otherwise, it undermines public confidence at the effort behind the veil of security.
  • Reply 7 of 11
    bedouinbedouin Posts: 331member
    The Apple Learning Interchange was hacked last year around this same time. An E-Mail was sent out stating that some IDs and passwords may have been revealed and to take caution. They're closing the ALI in September and sending people over to iTunes U instead.



    I just deleted the hack warning E-Mail a couple weeks ago, otherwise I'd give a more thorough description. I hadn't logged into my account since 2005 maybe, so I can't remember if they integrated it into Apple's universal ID system or not, but I don't think they did. Given the incredibly low traffic the ALI had and its seeming abandonment by Apple I sort of understood how a security lapse could happen.
  • Reply 8 of 11
    sendmesendme Posts: 567member
    Quote:
    Originally Posted by AppleInsider View Post


    To avoid any concerns, users can review their iTunes purchases for unauthorized transactions and change their account passwords..





    Steve should make us change our passwords on a weekly basis to prevent Apple from looking bad.
  • Reply 9 of 11
    shobizshobiz Posts: 207member
    Funny, this is not on that other site at all that claims to have everything first.



    Seems that a few things are either falling through the cracks or we are just hearing about these incidents now days.
  • Reply 10 of 11
    Quote:
    Originally Posted by plovell View Post


    It's time that an iTunes account (for a specific ID) was able to have different password that the one used for email etc.



    I know I can create a different one just for iTunes but that breaks integration with iPhone stuff (email, FindMyiPhone, etc)



    I'd like to see Apple support paypal as a form of payment vs credit card.



    The site hack though is so much more complex. It could just as easily have been a specific ISP that was targeted, maybe "tojan" figured out his ISP hadn't installed the latest DNS patches and decided to have some fun.



    If it is revealed that Apple's DNS or hosting service was hacked this would be quite embarrassing though. All in all I hope incidents like this help Apple to see they aren't invincible and that they must always have a proactive and not reactive approach.
  • Reply 11 of 11
    Quote:
    Originally Posted by iGod 2.0 View Post


    I don't think it would have progressed that far. \



    well its a good thing you're not doing the thinking because that's the quickest easiest way to collect information.
Sign In or Register to comment.