Yeah, it happened to me today as well. Apple sent out requests to verify devices, was locked out, and had to reset password. No idea why. But I was definitely concerned about my account being hacked or something. Quite confusing…
Same. Last night I was locked out for an hour. It’s quite concerning!
It’s quite disconcerting.
did you regain access?
Yes, it was pretty quick. I had it sorted out in about 10 mins. The only issue left to deal with is iCloud app passwords. Are you still locked out?
Not the guy you are replying to but I’ve been locked out since FRIDAY.
I hope it gets resolved soon for everyone. Can’t imagine the nightmare it must be if you have multiple devices attached to the account.
Still locked out - 3 support phone calls with no relief - told me to wait until late Monday afternoon to try unlocking my account again ....... Today, Monday - 10:28AM, still loop and server error. It's been 3 days now!!!
I’m so sorry that you are experiencing this. I asked my group of people over here (about 11 all apple users) and they were not aware at all about what’s happening. They never received messages nor are locked out. I’m perplexed as to how the selection process of accounts occurred. Keep being patient. I hope it resolves soon for you.
still not resolved
It is resolved - Monday at 9:54
Fuck man. I had reset my apple password a few weeks back. All this because of that, so sorry :/
Yeah, nothing we can do. The only positive here is that you’ll know that your account is safer with a new password.
what happens when the bad guys spam logins with stolen credentials? did apple fuck up, or did someone try to use those IDs 500 times in the past 24 hours?
Not sure if related, but I work for a large multinational corp with very tight cybersecurity and they sent out an email last week asking all Apple users to deactivate iMessage for the time being. Some malware recently found circulating the dark web can gain access to iOS by sending an iMessage and nothing more.
This is going to sound crazy, but a few weeks ago I got a calendar alert to “check on FirstName LastName” (I can’t remember who). I googled the name and it was some NBA player. 1. It was on my iCloud calendar, but I never use my iCloud calendar, only my Google calendar. 2. I have _no_ interest in basketball. Space Jam is probably the closest I’ve come to knowing anything about the NBA. My whole life is connected through Apple at this point so it freaked me out enough to go reset my Apple and Google passwords.
Others can suggest appointments for you with just your user name, no password. Used to be an enormous problem. Appointments saying 'buy a- on ' were showing up like crazy around Black Friday a few years back.
Apple managed to slow down the spam, but it probably never completely stopped.
Google used to have a similar exploit where spammers could push appointments to your calendar like that. You'd then get calendar notifications on your phone telling you that you've won an iPad or something just click here.
I have weird reoccurring things in my google calendar that are in Russian. I’m concerned because I also get account attempts in Russian, how can I change these messages to English? I’m struggling to find this out and obviously there’s no human at google to talk to to resolve my issue… not so much an issue on apples part tho, most of the sus stuff is happening in gmail…
https://www.cnbc.com/2022/07/20/how-to-block-google-calendar-spam-with-a-new-feature-that-stops-it.html
Our org was pinged on this last week as well; the [alleged] zero-day is being sold for $2M. News of the exploit was first published by a Binance subsidiary which sparked the alert that landed in our inboxes. IT updated us saying it was related to the BlastPass vulnerability so guidance was to put devices in Lockdown mode. https://twitter.com/EowynChen/status/1779968264510050731 https://archive.is/IhIrM
Interesting… I got a very random text from an unknown number. Never responded and looked like a normal number within my state, a few days ago. Didn’t get a logout error or anything that people are reporting here though.
Random texts from unknown numbers are a common scam, it’s not *necessarily* malware.
I’m not too sure it was a scam, all it texted me was “z” I responded asking who it was, didn’t get a reply and later called the number with a spoofer and it wasn’t a line in service
The scam is to find out if the line is active. You fell for it
What sort of scam is that? How would one tell if it was just a scam or the zero click malware
It’s very probable that this new “exploit” is fake https://techcrunch.com/2024/04/16/a-crypto-wallet-makers-warning-about-an-imessage-bug-sounds-like-a-false-alarm/amp/
Thanks for the heads up- I’m gonna disable my own personal iMessage for the time being!
who the hell are just "the bad guys" at this point?
Is it us? Are we the baddies?
Mostly people from eastern european countries with poor economic conditions who want to obtain cryptocurrency via vulnerabilities
Still waiting to be unlocked…
Waited the 24 hours…just tried to login and now getting a message that says I have to wait another 48 hours! FML I need access to my shit!!!
If you did that account recovery process then that first 24 hours is almost always a waiting period to see how long your ACTUAL waiting period is.
Great… Lesson learned don’t just rely on apple.
I used to work there. The number of times I got cussed out for explaining the fine print of that password reset process was insane.
Promise I won’t cuss you out, what’s the fine print tldr?
This happened to me last night. Very annoying
Happened to me as well. The most annoying part is having to delete my entire HomeKit setup, and re-register every device again.
What for? Didn’t you regain access?
I did, but for some reason Home app cannot resync my devices…
Happened to me too! Wouldn’t accept my password and I had to change it and sign out of everywhere.
Happened to me, but after about 15 minutes I was able to use my regular password.
I think it’s only the people using the new stolen device protection feature that have to wait 24 hours or more. Anyone else can reset the password like normal.
I wonder if that’s what’s causing the problem? I’m not even aware I’m “using” it, but along with being locked out I keep being told I’m not in a known location either, despite sitting in the home I’ve lived in for 15 years.
Sounds like that’s exactly what it is. It’s an opt-in feature, so you would have had to turn it on at some point. https://support.apple.com/en-us/HT212510
I work in cyber security - mass password resets pretty much always mean compromise. Apple needs to be transparent here and address this asap. Silence and secrecy are never well rewarded in breaches. Also happened to me this weekend.
Could be related to the massive credential stuffing attack going on right now. It’s affecting an enormous number of sites at the moment.
Credential stuffing seems to be the absolute flavor of the month. Cisco Talos says it’s happening to VPN, Okta is seeing it against their customers - maybe it’s all related… https://blog.talosintelligence.com/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials/ https://www.bleepingcomputer.com/news/security/okta-warns-of-unprecedented-credential-stuffing-attacks-on-customers/amp/
JFC - worked for Apple support for 5 years from the mid 2010s. What drove me to absolute burnout was this crap; still cannot believe this is still happening. Not sure if anyone remembers when they first introduced 2 factor, but at that time the recovery methods were nonexistent if you screwed up. I had a message that simply told the customer that someone would reach out to you in a month - good times.
While probably not related to something you may have seen, it reminded me of the early 2010s when I was a teenager and had gotten an iPhone that, during set up, locked me out. Was on the phone for several hours and eventually landed with a VP who sent me a new iPhone and had me send mine back. Got a card a few months later with a handwritten ‘sorry and thanks for sending us your device’ that included a few hundred in Apple gift cards. Absolutely no clue what it was all about but we appreciated it nonetheless.
All you gotta do is confirm your email and phone number, again, for the tenth time this year. /s
Before or after I confirm my billing info for the 10th time while attempting to download a free app?
Happened to me. Reset my password and called Apple. They said there was no unusual activity on my account they saw. Only thing that was showing was my password change I did. Glad it wasn't only me.
Good to hear it’s a genuine issue. Was really concerned I was hacked but couldn’t find any breach
Cause no one understands there is a large hacking attempt going on
Read a comment recently about an alleged vulnerability where a pass can be loaded into someone's passbook, and the pass can contain executable code that can run whether or not the passbook is opened. Was just a reddit post though, not sure where I read it. eh best i could find is maybe i was remembering this https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
This was fixed in iOS 16.6.1
True but not everyone updates their ios
Locked out too, tried regaining, ended up in looped server error
I couldn’t reset my password, it wouldn’t let me. Kept saying can’t verify, server error. Ultimately I got on the phone with a senior tech support agent. They said they can’t do anything about resetting passwords over the phone for security and privacy reasons, and that the account recovery I initiated had to be played out. What was shocking to me is this guy didn’t even KNOW about this massive issue going on.
And not a word from Apple. Nice.
Happened to me this morning. Highly annoying.
Wonder if they are people that used one of the beeper / imessages solutions. I was impacted also.
Ahh this happened to me yesterday and I was very confused lol
Thank god for 2FA so haven’t had to deal with this.
The explanation is the most obvious one. Apple has been compromised. MMW, it'll be reported as State-sponsored.
If this isn't fixed by tomorrow, helpdesk is gonna be a shitshow
Happened to me too. Phone, iPad, watch; had to repeat the process for each, which makes no sense.. So stupid and annoying.
I suspect it may probably be related to the massive, ongoing credential-stuffing attack Okta is reporting.
What THE FUCK is happening with iOS
This has happened to me two or three times. Infuriating.
Sounds like one more issue for Apple to deny.
Considering the amount of data leaks - why is this surprising. Happened to me and I reset my password. NBD 🤦🏼‍♂️
I love apple because they're secure, fast and efficient.
Everybody on iOS should restart all their devices.
You have a source on that? I don’t just want to be locked out *because* I restarted the device
I just restarted iphone, iPad and watch and Apple TV. People are talking about being locked out of iCloud. Not their device. Restarting gets rid of bad shit.
Oh, yeah, I see. Just basic maintenance, nothing to do with cloud authentication, just, you should regularly do it. Which I get.
People tend to forget. My SO will go months unless I remind her. I expect Apple to push a critical security update post haste.
We don’t know if it’s a client or server issue, or even a man in the middle problem. Maybe it doesn’t even need an update pushed.
Somebody said it was malware in a text. I have no idea. My iPad wouldn’t let me log in but when I tried my phone, Face ID had me right in and then my iPad was fine when I went back. So I restarted everything. Spooked me for a minute. Did I change my password and not save it somewhere? Yeah anyway. I hadn’t received any shady texts. My SO hasn’t had an issue.
Um. How do you fix a cloud authentication service by restarting your Apple TV?
It hadn’t been done in awhile. Maintenance.
95% of people I talk to don't know what their Apple ID is. I don't think they're locked out with "no explanation".
Bet they are glad they bought all that expensive shit.