Apple IDs locked for unknown reasons for a number of iPhone users

Posted in iPhone, edited November 2018
A number of iPhone users have discovered their Apple ID has been locked on all of their Apple devices, preventing them from accessing stored data and related services, with the lockdowns occurring for seemingly unknown reasons.

A notification in iOS advising of a locked Apple ID

Reports from users surfacing on Reddit and other social media platforms claim their iOS devices asked for the Apple ID password to be entered. After entering what is believed to be the correct password, in some cases a pop-up message advises the Apple ID is locked for "security reasons," and that users have to verify their identity to unlock the account.

Affected users are able to restore access to the account by tapping "Unlock Account" on the Apple ID Locked popup and answering a number of security questions, or by going to Apple's account support page and following the instructions. Once the user is validated, Apple asks them to set a password, after which access to Apple ID-related services is restored.

It is unclear exactly what is causing the accounts to be locked, but the significant rise in online complaints suggests it has happened to a large number of people at the same time, with the first "wave" at about midnight Eastern time. While it could be caused in error by Apple's account security protocols, there is also the chance that the accounts are being probed by a malicious actor, though ultimately the reason behind the locking of accounts is unknown in this case.

Sources inside Apple not authorized to speak for the company told AppleInsider, "At present, this doesn't appear to be an Apple bug. Whatever it is, it is only impacting a minute percentage of our users."

AppleInsider has asked Apple for further comment on the matter, and will update accordingly.

Comments

  • Reply 1 of 46
    2 pieces of advice.
    1. Use iCloud Keychain to make passwords. Do not try to remember them.
    2. Use 2Factor Authentication.
  • Reply 2 of 46
    The user and all related content has been deleted.
  • Reply 3 of 46
    gatorguy Posts: 20,267 member
    2 pieces of advice.
    1. Use iCloud Keychain to make passwords. Do not try to remember them.
    2. Use 2Factor Authentication.
    FWIW even those using 2FA have reported their Apple IDs locked.
  • Reply 4 of 46
    It happened to me.
  • Reply 5 of 46
    It hit me overnight, forced me to reset my password this morning. 
  • Reply 6 of 46
    2 pieces of advice.
    1. Use iCloud Keychain to make passwords. Do not try to remember them.
    2. Use 2Factor Authentication.
    3. Make sure you have all your data backed up locally. The “cloud” is just for convenient sharing of data regardless what the big players say.
  • Reply 7 of 46
    lkrupp Posts: 6,782 member
    Trouble is, based on what I see on a daily basis in the Apple Discussion Forums, a significant number of users routinely forget their security questions and Apple ID passwords. Then they fly into a rage when told how to go about reestablishing control. They also don't give a rat’s hind end about security.
  • Reply 8 of 46
    2 pieces of advice.
    1. Use iCloud Keychain to make passwords. Do not try to remember them.
    2. Use 2Factor Authentication.
    3. Make sure you have all your data backed up locally. The “cloud” is just for convenient sharing of data regardless what the big players say.
    Keychain is not stored in backup. Keychain is more secure.
  • Reply 9 of 46
    Johan.G Posts: 10 unconfirmed, member
    This happened to me and I discovered the issue was with app-specific passwords. In my case using app-specific passwords with Mailstrom caused the security problem, though entirely on Apple’s side of things. 
    The Mailstrom ppl worked with Apple to resolve the issue and they have. Perhaps others with suddenly locked iCloud accounts should have third parties look into it if using app-specific passwords for integration – i.e. mail, calendar or notes sync services. 
    edited November 2018
  • Reply 10 of 46
    This happened to me yesterday afternoon. I have 2-factor authentication set up as well. It was not possible to unlock my account without resetting my password and then I had to log in again on all my devices.
  • Reply 11 of 46
    avon b7 Posts: 3,440 member
    Probably unrelated but I received an avalanche of clients requesting advice on how to handle supposed compromised accounts (not, AppleID but email, banking, electric companies etc) after receiving emails from supposed hackers.

    I normally tell people to ignore them as simple phishing attempts but the new thing is that the mails are including their real passwords or ones they have used in the past.

    I've arranged a meeting with one to look into what is going on in her case but I wonder if something nasty has happened on a wider scale and companies are taking preemptive measures.
  • Reply 12 of 46
    gatorguy Posts: 20,267 member
    avon b7 said:
    Probably unrelated but I received an avalanche of clients requesting advice on how to handle supposed compromised accounts (not, AppleID but email, banking, electric companies etc) after receiving emails from supposed hackers.

    I normally tell people to ignore them as simple phishing attempts but the new thing is that the mails are including their real passwords or ones they have used in the past.

    I've arranged a meeting with one to look into what is going on in her case but I wonder if something nasty has happened on a wider scale and companies are taking preemptive measures.
    Could it possibly be related to the "inadvertent" web traffic redirect to China yesterday? Google and CloudFlare were both affected and commented on it. In Google's case they say all traffic was encrypted and nothing was exposed, and I believe CloudFlare has said much the same. Both had obviated the problem within an hour or so. It seems like there were a couple of mentions early today about other companies also being impacted by the BGP incident. 

    This is hardly the first time that China Telecom has "inadvertently" been the recipient of web traffic that it should not have seen. It was only a week ago that Ars ran an article about a couple of other instances of BGP allowing a misdirection to China, one lasting over two years. BGP problems have to be dealt with much sooner than later.
    https://arstechnica.com/information-technology/2018/11/strange-snafu-misroutes-domestic-us-internet-traffic-through-china-telecom/
    edited November 2018
  • Reply 13 of 46
    gatorguy said:
    avon b7 said:
    Probably unrelated but I received an avalanche of clients requesting advice on how to handle supposed compromised accounts (not, AppleID but email, banking, electric companies etc) after receiving emails from supposed hackers.

    I normally tell people to ignore them as simple phishing attempts but the new thing is that the mails are including their real passwords or ones they have used in the past.

    I've arranged a meeting with one to look into what is going on in her case but I wonder if something nasty has happened on a wider scale and companies are taking preemptive measures.
    Could it possibly be related to the "inadvertent" web traffic redirect to China yesterday? Google and CloudFlare were both affected and commented on it. In Google's case they say all traffic was encrypted and nothing was exposed, and I believe CloudFlare has said much the same. It seems like there were a couple of mentions early today about other companies also being impacted by the BGP incident. 

    Caused by an email from a Nigerian prince I hear. 
  • Reply 14 of 46
    ascii Posts: 5,941 member
    Even if there are a number of failed logins to your account (from hackers or whatever) I don't know why Apple has to lock it. Couldn't they prevent any *new* logins for (e.g. 24 hours) but any devices that are already logged in, leave them logged in?
  • Reply 15 of 46
    avon b7 Posts: 3,440 member
    gatorguy said:
    avon b7 said:
    Probably unrelated but I received an avalanche of clients requesting advice on how to handle supposed compromised accounts (not, AppleID but email, banking, electric companies etc) after receiving emails from supposed hackers.

    I normally tell people to ignore them as simple phishing attempts but the new thing is that the mails are including their real passwords or ones they have used in the past.

    I've arranged a meeting with one to look into what is going on in her case but I wonder if something nasty has happened on a wider scale and companies are taking preemptive measures.
    Could it possibly be related to the "inadvertent" web traffic redirect to China yesterday? Google and CloudFlare were both affected and commented on it. In Google's case they say all traffic was encrypted and nothing was exposed, and I believe CloudFlare has said much the same. Both had obviated the problem within an hour or so. It seems like there were a couple of mentions early today about other companies also being impacted by the BGP incident. 

    This is hardly the first time that China Telecom has "inadvertently" been the recipient of web traffic that it should not have seen. It was only a week ago that Ars ran an article about a couple of other instances of BGP allowing a misdirection to China, one lasting over two years. BGP problems have to be dealt with much sooner than later.
    https://arstechnica.com/information-technology/2018/11/strange-snafu-misroutes-domestic-us-internet-traffic-through-china-telecom/
    Probably not due to yesterday's re-routing as I've been receiving calls for about a week. Although I believe this kind of re-routing has happened before.

    Unfortunately, and with regards to the meeting I have tomorrow, my client's phone was stolen just before summer and I will have to ascertain what action she took back then.

    Other cases involve people who seemingly haven't had their phones stolen or compromised physically.
    edited November 2018
  • Reply 16 of 46
    Soli Posts: 8,678 member
    ascii said:
    Even if there are a number of failed logins to your account (from hackers or whatever) I don't know why Apple has to lock it. Couldn't they prevent any *new* logins for (e.g. 24 hours) but any devices that are already logged in, leave them logged in?
    Maybe it's a glitch? Maybe they are hackers but they're not trying to brute force with remote logins, but found a way to access a specific node so Apple did a lockdown of all accounts on that server(s). Maybe they already stole some heavily encrypted data, like encrypted and salted security keys, that Apple will monitor and that by forcing users (which will most likely verify with 1FA today which could update the long, random security key tied to your account which would make impossible getting past one layer of encryption pointless for then using those security keys for accessing user data in the future?  Unwanted iCloud traffic rerouting through China, as GoogleGuy mentions? ¯\_(ツ)_/¯ 

    If legitimate users woke up this morning to find they couldn't access iCloud for 24 hours I'd think that would be a bigger issue.
    edited November 2018
  • Reply 17 of 46
    ...so what happens to multinational cloud data & services if a country were to unexpectedly be at war with a hosting country, considering the increasing reliance of so many (particularly private or non-military citizens) on cloud and data services that cross such international boundaries...? 
  • Reply 18 of 46
    jimh2 Posts: 118 member
    2 pieces of advice.
    1. Use iCloud Keychain to make passwords. Do not try to remember them.
    2. Use 2Factor Authentication.
    You do not know what you are talking about when it comes to this. I, like others, knew and used your two pieces of advice and I was still forced to do the reset. 
  • Reply 19 of 46
    chasm Posts: 1,261 member
    It happened to me around 5pm PST. As usual, I first quit my web browser to ensure that this wasn't a fake pop-up trying to steal my credentials, but a visit to system preferences ensured that was not the case. I then went through the procedure to reset the password (because really I had been using the same one for too long anyway) and replied back to the 2FA with no issues, so it wasn't that big a deal except that you have to do this on each of your devices, and I have four of them.

    I hope it was simply a glitch and not the result of a dedicated attack. A very minor inconvenience in the grand scheme of things.
  • Reply 20 of 46
    lkrupp said:
    Trouble is, based on what I see on a daily basis in the Apple Discussion Forums, a significant number of users routinely forget their security questions and Apple ID passwords. Then they fly into a rage when told how to go about reestablishing control. They also don't give a rat’s hind end about security.
    Yes, I have a friend who cannot remember her security questions.   When she initially set up her IDs she saw them as stupid and a nuisance and just rushed through them.  Now, if she ever needs them she'll be in trouble.

    I have another friend who sets up long, complicated non-intuitive passwords.  He usually writes them down on a piece of scratch paper -- which he then loses...

    Sigh...