Apple IDs locked for unknown reasons for a number of iPhone users
A number of iPhone users have discovered their Apple ID has been locked on all of their Apple devices, preventing them from accessing stored data and related services, with the lockdowns occurring for seemingly unknown reasons.
A notification in iOS advising of a locked Apple ID
Reports from users surfacing on Reddit and other social media platforms claim their iOS devices asked for the Apple ID password to be entered. After entering what is believed to be the correct password, in some cases a pop-up message advises the Apple ID is locked for "security reasons," and that users have to verify their identity to unlock the account.
Affected users are able to restore access to the account, by tapping "Unlock Account" on the Apple ID Locked popup and answering a number of security questions, or by going to Apple's account support page and following the instructions. Once validated, Apple asks users to set a password, then access to Apple ID-related services are restored.
It is unclear exactly what is happening to cause the accounts to be locked, but the significant rise in online complaints suggests it has happened to a large number of people at the same time with the first "wave" at about midnight eastern time. While it could be caused in error by Apple's account security protocols, there is also the chance that the accounts are being probed by a malicious actor, though ultimately the reason behind the locking of accounts is unknown in this case.
Sources inside Apple not authorized to speak for the company advised to AppleInsider "At present, this doesn't appear to be an Apple bug. Whatever it is, it is only impacting a minute percentage of our users."
AppleInsider has asked Apple for further comment on the matter, and will update accordingly.
A notification in iOS advising of a locked Apple ID
Reports from users surfacing on Reddit and other social media platforms claim their iOS devices asked for the Apple ID password to be entered. After entering what is believed to be the correct password, in some cases a pop-up message advises the Apple ID is locked for "security reasons," and that users have to verify their identity to unlock the account.
Affected users are able to restore access to the account, by tapping "Unlock Account" on the Apple ID Locked popup and answering a number of security questions, or by going to Apple's account support page and following the instructions. Once validated, Apple asks users to set a password, then access to Apple ID-related services are restored.
It is unclear exactly what is happening to cause the accounts to be locked, but the significant rise in online complaints suggests it has happened to a large number of people at the same time with the first "wave" at about midnight eastern time. While it could be caused in error by Apple's account security protocols, there is also the chance that the accounts are being probed by a malicious actor, though ultimately the reason behind the locking of accounts is unknown in this case.
Sources inside Apple not authorized to speak for the company advised to AppleInsider "At present, this doesn't appear to be an Apple bug. Whatever it is, it is only impacting a minute percentage of our users."
AppleInsider has asked Apple for further comment on the matter, and will update accordingly.
Comments
1.Use iCloud Keychain to make passwords. Do not try to remember them.
2. Use 2Factor Authentication.
The Mailstrom ppl worked with Apple to resolve the issue and they have. Perhaps others with suddenly locked iCloud accounts should have third parties look into it if using app-specific passwords for integration – i.e. mail, calendar or notes sync services.
I normally tell people to ignore them as simple phishing attempts but the new thing is that the mails are including their real passwords or ones tbey have used in the past.
I've arranged a meeting with one to look into what is going on in her case but I wonder if something nasty has happened on a wider scale and companies are taking preemptive measures.
This is hardly the first time that China Telecom has "inadvertently" been the recipient of web traffic that it should not have seen. It was only a week ago that Ars ran an article about a couple of other instances of BGP allowing a misdirection to China, one lasting over two years. BCP problems have to be dealt with much sooner than later.
https://arstechnica.com/information-technology/2018/11/strange-snafu-misroutes-domestic-us-internet-traffic-through-china-telecom/
Unfortunately, and with regards to the meeting I have tomorrow, my clients phone was stolen just before summer and I will have to ascertain what action she took back then.
Other cases involve people who seemingly haven't had their phones stolen or compromised physically.
If legitimate users woke up this morning to find they couldn't access iCloud for 24 hours I'd think that would be a bigger issue.
I hope it was simply a glitch and not the result of a dedicated attack. A very minor inconvenience in the grand scheme of things.