I woke up early this morning, and, like millions of others, the first thing I did was check my iPhone for messages, weather reports, and news. Unlike every other day, however, I found myself logged out of my Apple ID and was required to not only enter my password again but change it for a new one. It appears I am not alone.
Although the Apple system status page reports no issues at all, that appears to be far from the truth of the matter. A quick scan of social media is all it takes to realise this is happening on a grand scale. Indeed, my colleague Zak Doffman, who also contributes to the cybersecurity section of Forbes tells me he had the same thing happen.
The problem appears to have started late Friday, 26 April, with reports of users being logged out of their Apple IDs. This is not device-specific and seems to be impacting users of iPhones, iPads and MacBooks.
As a security-minded person, I immediately thought something might be amiss as there have been some recent attacks that have involved password resets. However, as my colleague Kate O’Flaherty reported in March, these rely upon a method of two-factor authentication ‘bombing’ whereas the current situation is a straight ‘reset your password’ without anything else being involved. The 2FA bombing attackers would follow-up with a call pretending to be Apple Support, but I have had no such call and have nor read reports of anyone else getting them either.
The issue also means that users will need to not only log back in on all devices but reset all app-specific passwords as well. Currently, it is not known if this is a bug or a security incident. I have asked Apple for a statement and will update this breaking story as soon as I have more information.
