New Apple ID Password Reset Issue Hitting iPhone, iPad And MacBook Users
I woke up early this morning, and, like millions of others, the first thing I did was check my iPhone for messages, weather reports, and news. Unlike every other day, however, I found myself logged out of my Apple ID and was required to not only enter my password again but change it for a new one. It appears I am not alone.
Although the Apple system status page reports no issues at all, that appears to be far from the truth of the matter. A quick scan of social media is all it takes to realise this is happening on a grand scale. Indeed, my colleague Zak Doffman, who also contributes to the cybersecurity section of Forbes, tells me he had the same thing happen.
The problem appears to have started late Friday, 26 April, with reports of users being logged out of their Apple IDs. This is not device-specific and seems to be impacting users of iPhones, iPads and MacBooks.
As a security-minded person, I immediately thought something might be amiss as there have been some recent attacks that have involved password resets. However, as my colleague Kate O’Flaherty reported in March, these rely upon a method of two-factor authentication ‘bombing’ whereas the current situation is a straight ‘reset your password’ without anything else being involved. The 2FA bombing attackers would follow up with a call pretending to be Apple Support, but I have had no such call and have not read reports of anyone else getting them either.
The issue also means that users will need to not only log back in on all devices but reset all app-specific passwords as well. Currently, it is not known if this is a bug or a security incident. I have asked Apple for a statement and will update this breaking story as soon as I have more information.
“When anything arrives out of the blue, such as a password reset or One Time Password request, it is important to investigate further and research where possible before following any given prompts,” Jake Moore, global cybersecurity advisor at ESET, said. “This seems like it is a genuine bug as so many have been involved. Although a pain, it is actually often a good idea to reset all connected devices and change a password every so often or when there has been a data breach. However, due diligence is vital when dealing with unsolicited notifications and MFA should be turned on by default for all accounts.”