this post was submitted on 22 Oct 2023
32 points (100.0% liked)


The emails look legit, came from [email protected], don't even have a link in them to reset password, just a plaintext url to access appleid settings if I need to reset password.

Dear <>,
Your Apple ID (<>) was used to sign in to iCloud via a web browser.
Date and Time: October 21, 2023, 10:30 PM PDT
If the information above looks familiar, you can ignore this message.
If you have not signed in to iCloud recently and believe someone may have accessed your account, go to Apple ID (https://appleid.apple.com) and change your password as soon as possible.
Apple Support

I have 2FA enabled, and haven't got a login request any time I've got one of these emails.

The password isn't used for anything else, and is complicated enough that I highly doubt it was brute-forced.

The only other thing of note is that around the time I started getting these emails, my Windows machine prompted me a couple of times in a couple of days to re-sign-in to the iCloud desktop app. But the sign-in requests have stopped on Windows, and the emails have continued. Oh, and this desktop currently shows up 4 times in the Apple ID devices list for some reason.

Anyone have any idea what's going on?

As a last resort I may contact Apple support, but 1. I've been Apple support before, and 2. the couple of times I've been stumped by Apple device behavior, even their highest available support specialist couldn't resolve the issue (though I did eventually figure it out on my own).

[–] NightAuthor 2 points 1 year ago (1 children)

Yeah, all my devices, all here with me right now. Only weird thing there is that my Windows desktop was listed 4 times.

And now after changing password and signing into my phone, watch, and desktop, there is a new device, named after my desktop, but it says it's an iPhone... but that it's running Windows?! https://snipboard.io/A40yZP.jpg

I feel like they're just trying to irritate me out of using a Windows PC, though I'd sooner get rid of all my Apple devices.

I guess I'm just going to see if the emails keep coming after the password change. We have no reason to suspect that the password was compromised... but hey, sometimes the things that don't seem to make sense end up working.

[–] Oahziel 2 points 1 year ago

Here’s my theory. It’s not that your Windows desktop was listed 4 times. Those are 4 different devices. One of them is the real Windows desktop. The others are some other devices (could be the attacker’s, or your automation devices) that are using the same authentication token copied from your Windows machine. That’s why they are all recognized as your Windows desktop.