Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > misc.phone.mobile.iphone > #195035
| From | Alan <nuh-uh@nope.com> |
|---|---|
| Newsgroups | misc.phone.mobile.iphone, comp.sys.mac.system, comp.mobile.ipad |
| Subject | Re: Everyone now has your login - which is the problem with Apple's dumb terminals |
| Date | 2025-05-22 11:50 -0700 |
| Organization | A noiseless patient Spider |
| Message-ID | <100nrlm$3jorq$1@dont-email.me> (permalink) |
| References | <100njk2$tko$1@nnrp.usenet.blueworldhosting.com> <100nkg4$3i436$1@dont-email.me> <100nljt$bhsu$1@paganini.bofh.team> <100nm1g$3i488$1@dont-email.me> <100nn28$bk17$1@paganini.bofh.team> |
Cross-posted to 3 groups.
On 2025-05-22 10:31, Victor wrote: > On Thu, 22 May 2025 10:14:24 -0700, Alan wrote: > >> On 2025-05-22 10:07, Victor wrote: >>> On Thu, 22 May 2025 09:48:04 -0700, Alan wrote: >>> >>>> 'Other logins included Facebook, Google, Instagram, Microsoft, >>>> and PayPal.' >>> >>> None of those are ever required just to make the device work >>> normally. >> >> The point is that data hacks are widespread and don't say anything >> in particular about any one company. >> >> And beyond having an AppleID, you don't need to give it much >> personal information. > > When someone has your Apple ID and password, especially from a > database leak like the one mentioned in the 9to5Mac article, they > gain access to a significant portion of your digital life within the > Apple ecosystem. This is incredibly serious, and here's a breakdown > of what they could get: > > Direct Access to Your Apple Services and Data: > > iCloud Data: This is a huge one. They can access: Photos and Videos: > All photos and videos stored in iCloud Photos. iCloud Drive Files: > Any documents, PDFs, or other files you've saved to iCloud Drive. If you choose to use iCloud Data... ...which you aren't required to do. And that's only if they can actually log in to your Apple ID... ...(actually now called Apple Account; try and keep up)... ...which they can't... ...because Apple requires two-factor authentication... ...meaning merely having your Apple Account information--userID and password isn't enough to get access to someone's data. > > iCloud Backups: Backups of your iPhone, iPad, and other Apple > devices, which can contain a vast amount of personal data (messages, > app data, health data, call history, etc.). Contacts, Calendars, > Notes, Reminders: All your synced personal information. If you choose to use iCloud Backups... ...which you aren't required to do. And that's only if they can actually log in to your Apple ID... ...(actually now called Apple Account; try and keep up)... ...which they can't... ...because Apple requires two-factor authentication... ...meaning merely having your Apple Account information--userID and password isn't enough to get access to someone's data. > > iMessage and FaceTime History: Your communication records. Health > Data: If synced to iCloud. Passwords (iCloud Keychain): While iCloud > Keychain is encrypted, if they can log in to your Apple ID on a new > trusted device (which they could attempt to do), they might gain > access to your saved passwords for websites and apps. If you choose to use iMessage and FaceTime... ...which you aren't required to do. And that's only if they can actually log in to your Apple ID... ...(actually now called Apple Account; try and keep up)... ...which they can't... ...because Apple requires two-factor authentication... ...meaning merely having your Apple Account information--userID and password isn't enough to get access to someone's data. > > Purchases: App Store and iTunes Store Purchases: They can see your > purchase history and potentially make new purchases using your saved > payment methods. Apple Pay: If your Apple ID is linked to Apple Pay, > they might be able to use your payment methods. Oh, no! They can see you bought Angry Birds! And that's only if they can actually log in to your Apple ID... ...(actually now called Apple Account; try and keep up)... ...which they can't... ...because Apple requires two-factor authentication... ...meaning merely having your Apple Account information--userID and password isn't enough to get access to someone's data. > > Find My: Device Location: They can see the real-time location of all > your Apple devices (iPhone, iPad, Mac, Apple Watch, AirPods, > AirTags). Device Locking/Erasing: They could remotely lock your > devices, display a message, or even erase them, rendering them > unusable to you. This one is true. > > Tracking You: They can track your location and the locations of > people you share your location with. > > Messages and FaceTime: They can send and receive messages and make > FaceTime calls as you, potentially scamming your contacts. Settings > and Preferences: They can see and potentially change many of your > Apple ID and device settings. Risks Beyond Direct Access: Not if you've established two-factor authentication... ...which is required by Apple. > > Identity Theft: With access to your personal information (email, > phone numbers, birth date, payment info, even documents in iCloud > Drive), they could use this to attempt identity theft. Financial > Loss: Unauthorized purchases through the App Store, iTunes Store, or > Apple Pay. 1. You don't need to put much of any personal information into an Apple Account 2. We've already covered that merely having your Apple Account userID and password isn't enough to access iCloud. 3. Same for purchases > > Phishing and Scams: Knowing your Apple ID and password makes it > easier for them to craft highly convincing phishing attempts that > could trick you into revealing even more sensitive information > (e.g., banking details, other online account passwords). How would that work, exactly? > > Access to Other Accounts (Password Reuse): The 9to5Mac article > explicitly states that this database contained logins for various > other services, including Facebook, Google, Microsoft, banks, and > government portals. If you reuse your Apple ID password on other > sites, those accounts are also now severely compromised. This is why > password reuse is a major security risk. And how is that Apple's fault if you reuse passwords? > > Ransomware/Extortion: In extreme cases, they might lock your devices > or encrypt your data and demand a ransom. What You Should Do > IMMEDIATELY (if your Apple ID was part of a breach or you suspect > compromise): They can't "encrypt your data". > > Change your Apple ID password immediately. Duh. > Make it strong, unique, > and long. Duh. > Enable Two-Factor Authentication (2FA) for your Apple ID > if you haven't already. This is critical! Even if they have your > password, they won't be able to log in without access to your > trusted device to receive the verification code. Review your trusted > devices in your Apple ID settings (Settings > [Your Name] > Password > & Security > Trusted Devices). Remove any devices you don't > recognize. Check your account information: Verify your name, phone > numbers, email addresses, and payment methods are correct and > haven't been altered by the attacker. Monitor your bank and credit > card statements for any unauthorized purchases. Be vigilant for > phishing attempts: Be extra cautious about any emails or messages > that appear to be from Apple or other services, especially if they > ask for personal information or direct you to click on links. > Consider using a password manager to generate and store strong, > unique passwords for all your online accounts, reducing the risk of > password reuse. Use tools like Have I Been Pwned to check if your > email addresses or phone numbers have appeared in other data > breaches. The article emphasizes that the passwords were found in > "plain text," which is a nightmare scenario as it means the > attackers don't even need to crack or decrypt them. This underscores > the severity of such a breach and the importance of strong security > practices. Indeed. You've discovered that good security practices are important. Bravo.
Back to misc.phone.mobile.iphone | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Everyone now has your login - which is the problem with Apple's dumb terminals Marion <marion@facts.com> - 2025-05-22 16:33 +0000
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Alan <nuh-uh@nope.com> - 2025-05-22 09:48 -0700
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Victor <victorheyne@notreal.org> - 2025-05-22 12:07 -0500
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Alan <nuh-uh@nope.com> - 2025-05-22 10:14 -0700
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Victor <victorheyne@notreal.org> - 2025-05-22 12:31 -0500
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Alan <nuh-uh@nope.com> - 2025-05-22 11:50 -0700
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Victor <victorheyne@notreal.org> - 2025-05-22 12:17 -0500
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Joel <joelcrump@gmail.com> - 2025-05-22 13:38 -0400
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Marion <marion@facts.com> - 2025-05-22 17:48 +0000
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Joel <joelcrump@gmail.com> - 2025-05-22 14:25 -0400
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Marion <marion@facts.com> - 2025-05-22 19:48 +0000
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Joel <joelcrump@gmail.com> - 2025-05-22 15:53 -0400
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Marion <marion@facts.com> - 2025-05-22 20:02 +0000
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Joel <joelcrump@gmail.com> - 2025-05-22 16:34 -0400
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Marion <marion@facts.com> - 2025-05-22 22:22 +0000
Re: Everyone now has your login. No they don't. (was: Everyone now has your login - which is the problem with Apple's dumb terminals) Tyrone <none@none.none> - 2025-05-23 00:23 +0000
Re: Everyone now has your login. No they don't. Marion <marion@facts.com> - 2025-05-23 02:51 +0000
Re: Everyone now has your login. No they don't. Alan <nuh-uh@nope.com> - 2025-05-22 20:18 -0700
Re: Everyone now has your login. No they don't. Tyrone <none@none.none> - 2025-05-23 22:29 +0000
Re: Everyone now has your login. No they don't. Chris <ithinkiam@gmail.com> - 2025-05-24 16:17 +0000
Re: Everyone now has your login. No they don't. Marion <marion@facts.com> - 2025-05-24 20:46 +0000
Re: Everyone now has your login. No they don't. Alan <nuh-uh@nope.com> - 2025-05-24 14:34 -0700
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Jolly Roger <jollyroger@pobox.com> - 2025-05-23 18:07 +0000
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Marion <marion@facts.com> - 2025-05-23 18:38 +0000
Re: Everyone now has your login - which is the problem with Apple's dumb terminals Alan <nuh-uh@nope.com> - 2025-05-23 12:10 -0700
csiph-web