3 min read

Apple says nothing as Apple ID accounts mysteriously locked down

Graham CLULEY

November 14, 2018

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Apple says nothing as Apple ID accounts mysteriously locked down

Has someone been trying to hack into a large number of Apple ID accounts?

That’s one of the theories circulating after a significant number of iPhone owners woke up on Tuesday to discover that their handsets were displaying a message saying that their Apple ID had been locked.

All the indications are that Apple locked the accounts of an unknown number of customers, kicking them out of iCloud, iMessage, Apple Music, Apple TV and other services and – in some cases – demanding that they verify their identity to regain access.

As 9to5Mac reports, criticism has spilled out onto social media as frustrated users complained to Apple that their attempts to regain access resulted in failure.

Apple, typically, has been unforthcoming about why so many accounts appear to have been locked.

Of course, that hasn’t stopped people from speculating. Theories include that perhaps the problem lies at Apple’s end, and a bug in the code which decides if an account should be locked or not is triggering lockouts where they are not appropriate, or its systems are failing to correctly allow users to correctly verify their identity.

Another possibility is that the company has seen a spike in attempts to access accounts, perhaps using passwords gleaned from other online data breaches. Such leaks on other sites can pose a risk to Apple users if they had made the mistake of reusing passwords across multiple services.

Some locked out users, however, assert that the passwords they use to protect their iCloud accounts were not being used anywhere else on the net.

A further possibility is that Apple is simply proactively trying to protect users who it believes may be at risk of having their accounts breached. Apple, after all, does not know what password you have chosen to use on other websites (unless it also has access to a breached database), but if it is concerned that you *might* be amongst those who may have made a poor password choice, it’s not utterly impossible to imagine that they might take steps to ensure users have reset passwords rather than risk headlines of thousands of breached Apple accounts…

It should be noted that the risk associated with your Apple ID password falling into the wrong hands can be significantly reduced by adding the additional security layer of two-factor authentication (2FA) o your Apple ID account.

The nice thing about having 2FA protecting your Apple ID account, is not only that it may prevent an unauthorised party from gaining access but also that you will receive a warning of an attempt to break in.

For its part, in the immediate aftermath of the lockouts, Apple’s support team is pointing affected users to a knowledgebase article which describes actions users can take if they find their account is locked or disabled.

That won’t tell you why your account has been disabled, or what the security alert was about, but it does at least give you the steps you are normally required to take to regain access.

Meanwhile the rest of us will wait with interest to see if there is any official announcement from Apple – after all, we’re still in the dark as to whether there was a genuine security-related reason for users to have their accounts locked, or whether this was a problem with Apple’s systems.

tags


Author


Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like

Bookmarks


loader