The emails look legit, came from [email protected], don’t even have a link in them to reset password, just a plaintext url to access appleid settings if I need to reset password.

Dear <>,
Your Apple ID (<>) was used to sign in to iCloud via a web browser.
Date and Time: October 21, 2023, 10:30 PM PDT
If the information above looks familiar, you can ignore this message.
If you have not signed in to iCloud recently and believe someone may have accessed your account, go to Apple ID (https://appleid.apple.com) and change your password as soon as possible.
Apple Support

I have 2fa enabled, and haven’t got a login request any time I’ve got one of these emails.

The password isn’t used for anything else, and is complicated enough that I highly doubt it was bruteforced.

The only other thing of note, is that around the time I started getting these emails, my windows machine prompted me a couple of times in a couple of days to re-sign-in to the iCloud desktop app. But the signin requests have stopped on windows, and the emails have continued. Oh, and this desktop currently shows up 4 times in the appleid devices list for some reason.

Anyone have any idea whats going on?

As a last resort I may contact apple support, but 1. I’ve been apple support before, and 2. the couple of times I’ve been stumped by apple device behavior, even their highest available support specialist couldn’t resolve the issue (Though, I did eventually figure it out on my own)

  • meseek #2982
    link
    fedilink
    251 year ago

    Your PC looks to have been the attack vector given all those password requests.

    Sign out of your PC and anything else. Using your phone, sign into iCloud and change your password. Remove all you’d devices, expect your phone.

    Don’t sign in anywhere else. Wait and monitor your account.

    If that works, then start running a scan on your PC. Because it’s likely you have malware on it. Your iPhone (unless you jailbroke it) is secure.

    It unlikely the hacker infiltrated iCloud or is doing anything other than copying the password you keep re entering on your PC.

    • @NightAuthorOP
      link
      English
      41 year ago

      That’s not a bad idea. I’ll give that a shot, if only to rule out the desktop. My working theory is that theres a bug in the windows icloud program, and this could help isolate the source. Maybe after a bit, if no issues arrise with your test condition, I will sign in via a desktop browser and see if the emails re-appear, indicating that it may be my computer in general, as opposed to just the icloud program. We’ll see.

      Thanks

      • meseek #2982
        link
        fedilink
        6
        edit-2
        1 year ago

        It’s unlikely there’s a bug that would hit logins. That seems super super rare that someone found a massive exploit into the system as a whole as is just fucking with your account lol. And doesn’t explain how anyone managed to get in or keeps trying or how they bypass 2FA; there’s lots of questions left unanswered. There’s just way too many hurdles being jumped to call it a “bug” imo. An infected PC seems much more likely.

        I wouldn’t log in using your PC till you can for sure deem it free of malware.