Involuntary/Malicious Password Reset

Two times now I have had my user password reset/changed without my knowing or permission. I log off my computer and when I come back my account password is no longer recognized. I'm 100% sure there is no live person altering the password from my physical machine. I'm also 100% sure I did NOT forget my password. Is this a bug? Or is it worse? Do I have some other security breach perhaps over my cable connection?
Please Help!
Bart
iMac G4   Mac OS X (10.3.9)  

Hi Bart,
The OS does a good job logging. I would start by looking at your current system.log. Look for problems with authentication and lines that reference when the sudo command has run. Also look at the archived system logs and compare the different logs. Look for remote logins in the wtmp log. Also check wtmp's archived logs. This is done with the last command in Terminal.app; the archived logs will have to be unzipped to look at them. Check the secure.log. The secure.log records instances when GUI apps run at an elevated level, and also logins. A good cracker knows how to cover his tracks. You may find nothing in the logs indicating your computer had an intruder.
If you feel your computer has been compromised then remove it from the internet connection. Back up your user home folder. Clone your startup drive to a disk image. If you can't then make a copy of the /bin, /etc, and /var directories. This can be used as evidence should you report the intrusion.
You need to re-install the OS. It might be a good idea to reformat the drive and zero the drive to flag bad blocks. Reconnect the computer to the internet and turn on the firewall. Use Software Update to update the OS to the highest level with all security updates. Reinstall any third party apps from installers, not from any backup. Your user data should be re-introduced selectively and then only data files. Check that none of these files have the executable bit set. Use a virus scanner (ClamAV) to check the files. And make sure you choose a good password.
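
The log review and executable-bit check described in the reply above, as an added shell example that is not part of the original post. The function names, the search pattern and the sample log lines are assumptions constructed for illustration; point the functions at a copy of the log directory.

```shell
#!/bin/sh
# Added example: triage a COPY of the log directory (for instance /var/log taken
# from the disk image) rather than the live, possibly compromised system.

# Assumed pattern: sudo's syslog tag plus common authentication-failure wording.
PATTERN='sudo:|authentication (failure|error)|failed to authenticate|incorrect password'

# scan_logs DIR BASE: print "file: line" for each match in DIR/BASE and in its
# rotated archives (BASE.0.gz, BASE.1.gz, ...), reading archives in place.
scan_logs() {
    for f in "$1/$2" "$1/$2".*.gz; do
        [ -f "$f" ] || continue
        case $f in
            *.gz) gzip -dc "$f" ;;
            *)    cat "$f" ;;
        esac | grep -iE "$PATTERN" | awk -v n="${f##*/}" '{ print n ": " $0 }'
    done
}

# show_logins DIR: run last(1) over wtmp and each archived wtmp.N.gz, which is
# unpacked to a temporary file first because last reads a binary file.
show_logins() {
    for f in "$1"/wtmp "$1"/wtmp.*.gz; do
        [ -f "$f" ] || continue
        case $f in
            *.gz) t=$(mktemp) && gzip -dc "$f" > "$t" && last -f "$t"; rm -f "$t" ;;
            *)    last -f "$f" ;;
        esac
    done
}

# flag_executables DIR: list restored data files that have any execute bit set.
flag_executables() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# make_sample DIR: constructed log lines and files, for demonstration only.
make_sample() {
    mkdir -p "$1/log" "$1/restore"
    printf '%s\n' \
      'Dec  3 02:10:01 imac cron[311]: (root) CMD (periodic daily)' \
      'Dec  3 02:14:07 imac sudo:     bart : TTY=ttyp1 ; PWD=/Users/bart ; USER=root ; COMMAND=/usr/bin/passwd bart' \
      > "$1/log/system.log"
    printf '%s\n' \
      'Nov 30 03:02:44 imac sshd[502]: error: PAM: authentication failure for bart from 192.0.2.10' \
      | gzip -c > "$1/log/system.log.0.gz"
    printf 'notes\n' > "$1/restore/notes.txt"
    printf '#!/bin/sh\n' > "$1/restore/invoice.pdf"
    chmod 644 "$1/restore/notes.txt"; chmod 755 "$1/restore/invoice.pdf"
}

if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_sample "$d"
    scan_logs "$d/log" system.log; flag_executables "$d/restore"
    rm -rf "$d"
fi
```

The same scan_logs call works for secure.log by passing that name as the second argument. A file with a data extension and an execute bit, like the constructed invoice.pdf, is the kind of item to leave out of the restore.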

Similar Messages

  • HT1911 Malicious password reset

    My password for my Apple ID has been reset 3 times in the last month by someone else.
    So I keep getting these mails:
    Dear EOX007,
    The password for your Apple ID xxxxxxxxxxxxxxx has been successfully reset.
    If you believe you have received this email in error, or that an unauthorized person has accessed your account, please go to iforgot.apple.com to reset your password immediately. Then review and update your security settings at appleid.apple.com >
    Questions? There are lots of answers on our Apple ID support page >
    Thanks,
    Apple Customer Support
    How is this possible ?
    Can somebody help ?
    Thanks in advance.
    Kind regards.
    EOX007


  • Account password reset too often

    I have a strange situation here.
    Every one week I'm receiving an e-mail notification that my Apple ID has been reset and I'm 100% sure that nobody except me is using my ID. It might be ridiculous but I suspect that someone is trying to hack my password.
    Is there any chance to check who or what is forcing me to change my password every week?
    Please help. I'm running out of ideas for the new passwords.

    If you are receiving e-mail messages that indicate that someone is trying to reset your Apple ID password, they may be phishing scams. Do not click any links in those e-mail messages, and if you make the mistake of doing so, do not provide your current Apple ID password on the page you are directed to.
    Unfortunately, in this case, there's nothing to be done except treat those messages the same way you would any other spam.
    The other possibility is that someone is actually trying to reset your Apple ID password. This may be due to a malicious attack, but more likely, it's just someone who thinks your Apple ID is actually theirs (due to a typo, faulty memory or something similar) and is trying to "regain" access. In any case, this is merely an annoyance, but you can put an end to it by enabling two-factor authentication on your Apple ID. This will require an additional piece of information that only you will possess in order to even start the password reset process.
    If you are actually seeing your password getting changed, and are having to reset it yourself to regain access, you are being hacked. This could be because your password is not strong enough to withstand a brute-force attack by a botnet. It could also be because the attacker already has access to your e-mail address, and is able to intercept the reset e-mail and complete the reset process. Because of that danger, you should change the password for the e-mail account associated with your Apple ID. You should also change the password for your Apple ID, making sure that it is a strong password, and enable two-factor authentication as mentioned above.

  • How can i change email address for security questions and password resets

    I've noticed that my password reset requests are going to an old email account. In fact, I am not sure where they are going.
    The real issue is that I don't see a way to change it when I am logged in (it took me many tries to actually log back in) to my Apple ID account.
    I've changed alternate email accounts, but again I don't see a way to change my destination email account for the security section of the account.
    Also I would rather reset these via text (ATT has this option for my cell phone account reset and I love it).  I don't see an option like that from Apple at all.
    Any suggestions and help will be much appreciated. Don't want to struggle with password resets every time I need to get in.

    If you're able to supply two of your security answers, click here and follow the instructions to change your rescue email address.
    If not, you need to contact Apple.
    (125051)

  • Can't download apps after password reset

    Why won't my phone download any new apps after doing a password reset? If I enter the wrong password I get an error message. If I enter the correct password, nothing happens.

    HI,
    *"Or when I try to download a program I get this dark gray screen with a black column in the middle filled with gibberish."*
    If it looks like this... it's a kernel panic.
    Go here for help to Resolve Kernel Panics
    Try downloading and installing the 10.6.2 combo update available here.
    http://support.apple.com/kb/DL959
    One of the fixes: -- an issue that prevented opening files downloaded from the Internet
    After the installation, repair disk permissions.
    Quit any open applications/programs. Launch Disk Utility. (Applications/Utilities) Select MacintoshHD in the panel on the left, select the FirstAid tab. Click: Repair Disk Permissions. When it's finished from the Menu Bar, Quit Disk Utility and restart your Mac. If you see a long list of "messages" in the permissions window, it's ok. That can be ignored. As long as you see, "Permissions Repair Complete" when it's finished... you're done. Quit Disk Utility and restart your Mac.
    And try Safari maintenance...
    From the Safari Menu Bar, click Safari / Empty Cache. When you are done with that...
    From the Safari Menu Bar, click Safari / Reset Safari. Select the top 5 buttons and click Reset.
    Safari add-ons can cause performance issues or other situations
    Also, if you are running Safari in 64 bit mode, try running in 32-bit mode instead. Right or control click the Safari icon in the Applications folder, then click: Get Info In the Get Info window click the black disclosure triangle next to General so it faces down. Select 32 bit mode. Quit Safari then relaunch.
    While you have the Get Info window open for Safari, make sure it's not running in Rosetta.
    Carolyn

  • Lost password and password reset utility doesn't work.

    Kind of embarrassing, but a couple of days ago I decided that it would be a good idea to change my password at three in the morning. Gah!
    I tried using the password reset utility, but it would simply crash upon selecting my drive. I ran it from the terminal and it says that it's getting a bus error. I tried using passwd from single user mode, but it seems as though Apple has decided that that is a bad thing. Same goes for trying to run it from the terminal on the install disc.
    What do I do now? Getting my files back won't be a problem, but I won't have the equipment to do that until I go home, and there are still a couple of weeks left in the semester. Being stuck using my guest account really *****!
    G5   Mac OS X (10.4.6)  

    This will give you root access to your computer:
    1) Reboot into single-user mode (Hold "Cmd" + "S")
    2) At the Console # type:
    fsck -fy
    - This should come up OK after a minute, if not run it again
    3) At the Console # type:
    mount -uw /
    4) At the Console # type:
    nicl -raw /var/db/netinfo/local.nidb -createprop /users/root authentication_authority ";basic;"
    - The above should be all on 1 line (this might format it to wrap a line)
    5) At the Console # type:
    nicl -raw /var/db/netinfo/local.nidb -createprop /users/root passwd
    - This will reset the root password
    6) At the Console # type:
    reboot
    7) You can now login with the username root

  • Apple ID not found. I know it exists because last password reset was on 3/2012. Did Apple delete my Apple ID?

    So first I was having trouble resetting my Apple ID password. Now I think it may have been deleted.
    I automatically got signed out of Game Center and Find My Friends, for which I use a different Apple ID account. I think this happened after I upgraded to iOS 6 but not sure. I've tried to reset the password on http://appeid.apple.com using the two options.
    Option 1) I don't get the email verification in my inbox (looked everywhere, even spam folder. I even added the [email protected] address to my contacts to make sure it wasn't being sent to a spam box, etc.).
    Option 2) I enter my birthday but I get a message that it doesn't match with the records.
    So then I went through the steps to find my Apple ID if it existed and what do you know, it says "No Apple ID found".
    Could my Apple ID have been deleted? I thought Apple ID's "could not be deleted"? I know this Apple ID does exist (or did?) because my last password reset was in March 2012. I still have the old emails to prove it. I'll be so annoyed if it got deleted and all my Game Center stats are erased. (I got 11,600,000 in Temple Run!)
    Other information:
    I do have another Apple ID account which I use as my main account for purchases. For the rescue email and an alternate email address for this account, I use the email which is also the username of the other Apple ID account I am questioning about. I'm not sure if this has anything to do with it but just thought I'd put it out there in case it is.
    Has this happened to anyone else?
    I swear, this whole Apple ID nonsense started for me when trying to set up Facetime across devices on my macbook and ipad and had to make new apple ids. So confusing. Anyway, thanks in advance for any insight into this dilemma.

    I'm having the same problem, what did you do?

  • I cannot get my password reset to start using iphone. Tried website and asked to send to my email address /also my user id and nothing coming. i called 800-275-2273 and guy said apple having issues no est time of fix?

    I cannot get my password reset on Apple iTunes to start using my iPhone. Tried website to reset password and asked to send email/same as user. Never getting email. Tried with my birthdate but that is not accepting. Called Apple 8002752273 and guy told me Apple has had problems with this for weeks. Nothing he could do for me - I could answer all his security questions but birthdate. He said send a letter to iTunes help, he could not provide. Could be weeks before anyone gets back to me? I checked iTunes and of course there was no iTunes email help available.  Anyone have email for customer relations or phone# or know how to fix this?

    "Could be weeks before anyone gets back to me?"
    Where did you get that nonsense?  Your involved question sounds like a hoax.  Regardless, the phone number for Apple Customer Relations is: 800-767-2775.

  • HT201303 Random Apple id password resets - how to stop this?

    A couple of months ago I started getting emails from Apple titled "How to reset your Apple Id password" and then more worryingly "Your Apple Id password has been reset".  This happened several times over the next few days and I know this was not done by accident from me or my family because it was happening during the night UK time.  I reported to Apple support and they were no help, in fact they deactivated my account until I told them to reactivate it again!
    To me it seems like someone (or some system) is triggering the password reset online when trying to access my account.
    After reporting it to Apple it stopped for a couple of months - now it started again!  Several random resets during the night and day when I know no-one could be doing this from one of my devices.
    Has this happened to anyone else?  Any good ideas how to stop it?  Any way to disable email authentication on the password reset and restrict to only the personal data questions?

    Hi marky_mark_uk,
    Two-step verification might be a good idea for you if you're seeing a lot of password reset issues you did not initiate:
    Apple ID: Frequently asked questions about two-step verification for Apple ID
    http://support.apple.com/kb/ht5570
    Cheers!
    - Ari

  • Can I use my existing E-mail address to retrieve my password reset through security questions

    Can I use my existing E-mail address to retrieve my password reset through security questions instead of through E-mail. When I try retrieving my new Apple password through reset through security questions?  On the Apple id, it will not allow me to do so because I forgot my security answers to the question. I'm naming one or two of the wrong vehicles which is what the questions ask me for for security questions.
    For iCloud do you recommend that I keep that same E-mail address or create a new one for my iCloud mail aside from my G-mail address name?
    I asked support community for the very first time to reset my security questions and it wanted me to create a new user name for iCloud when I already have *****l for my original Apple id.
    <Email Edited By Host>

    TheresaEW,
    I’d recommend contacting Apple directly to resolve your security question issue.

  • HT4798 Does password reset with multiple Apple IDs work for you?

    I'm using 10.7.4. We have more than one valid Apple ID. Each when attached to one user profile can make use of the password reset feature using the Apple ID. If more than one Apple ID is assigned to a profile it no longer allows either to reset the profile. Is there something that I'm missing?

    Hmm if you've changed your password and go to the icloud preferences, it normally prompts you to input the password.  This didn't happen?  I would sign out of icloud and sign back in.  It'll warn you for some items they'll be removed from your computer, and that's fine.  They'll be stored in icloud and return when you sign back in.  If you want to make sure they're in icloud before signing out, go to icloud.com and sign in.  Poke around there to verify the data is there.

  • Apple is sending a password reset to an email address that does not exist. How do I update the email? Can't find it in my account.

    Why is Apple sending an email to an address I can't find in my account??

    Agro1 wrote:
    Why is Apple sending an email to an address I can't find in my account??
    Apple will not send you password reset requests in an email. It is likely a phishing email trying to get your personal or security information. Ignore the request and send the email to trash. Do not provide any personal or security information in response to the email. Do not click on any links in the email.

  • I need to delete an old icloud account on my i phone but can't remember the password and have changed my e-mail as it was cloned so can't use the password reset. Any ideas?

    Can anyone help me. I need to delete an old iCloud account on my iPhone 4S so that I can use my new one. My old e-mail was cloned by my ex husband so I had to delete the account. I do not know what the password was and I can't use password reset as the old account does not exist and I have no chance to resurrect it. Any ideas?

    Hi Gail it is a separate apple id used on my old iphone. I now have a new appleid and password which is functioning though the new phone is bringing up my old apple ID
    Ta,
    BG

  • How can I change my password reset email address?

    My AppleID password reset link keeps going to an old email address. Is there a way of changing the reset email address?

    Go to your country from http://support.apple.com/kb/HT5699 or use AppleCare country number from http://support.apple.com/kb/HE57 and ask to speak with the Account Security Team...they can handle that for you.

  • What can I do? I've forgotten my password and don't remember the answers to my security questions, and no longer have access to the email account I used for backup. How do I get my iCloud password reset?

    What can I do? I've forgotten my password and don't remember the answers to my security questions, and no longer have access to the email account I used for backup. How do I get my iCloud password reset? Please help. Thanks in advance.

    Please see Kappy's User Tip here:
    https://discussions.apple.com/docs/DOC-4551
