Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@. Skimlinks & other affiliated links are turned on

Search
  • FIRST POST
    • hubb
    • By hubb 15th Jun 17, 9:54 AM
    • 1,751Posts
    • 345Thanks
    hubb
    How did someone use my Apple ID ?
    • #1
    • 15th Jun 17, 9:54 AM
    How did someone use my Apple ID ? 15th Jun 17 at 9:54 AM
    I was emailed by Apple that someone with a strange username had signed into my account with an ipod (which I do not own) and that they were suspicious that it was fraudulent. It was so I went to my account (not via the email just incase) and changed my password. But my main concern is how did someone else get my email, and more importantly my password to sign into my account ? I checked the email was legit which it was as they addressed it to my name, not just "dear customer" or something like these scams use.
Page 2
    • Ant555
    • By Ant555 16th Jun 17, 12:14 PM
    • 665 Posts
    • 240 Thanks
    Ant555
    You have changed your password which was very wise.

    If you log in now then do you see this 'suspect' ipod listed in your devices?

    If not then it was almost certainly was a phishing email, if it IS there then someone knows your previous Apple credentials.

    By The way if you log in to iCloud and can see the suspect ipod then you should be able to wipe/erase/put in lost mode remotely.
    • Ant555
    • By Ant555 16th Jun 17, 12:33 PM
    • 665 Posts
    • 240 Thanks
    Ant555
    PS - if you go to this web site and enter your email address it will check it against the millions of email addresses that have been hacked and shared online due to companies being compromised. If your mail address was stolen in one of the many data breaches then they might have also got your real name or even addresses etc and that is how the 'bad people' can construct an email that looks real.

    https://haveibeenpwned.com/

    Note that the Exploit.in 'leak' is a body of work where someone on the bad side of the fence has spent time and effort to join together all the other data breaches and is offering for sale a list of up to 800 million email/password combos that have been stolen in all the other breaches put together!

    Hope this helps.
    Last edited by Ant555; 16-06-2017 at 12:39 PM.
    • hubb
    • By hubb 16th Jun 17, 12:36 PM
    • 1,751 Posts
    • 345 Thanks
    hubb
    Good news — no pwnage found!


    Here is the header.

    Received: by 10.74.172.199 with SMTP id c7csp379347oon;
    Wed, 14 Jun 2017 09:00:16 -0700 (PDT)
    X-Received: by 10.84.218.141 with SMTP id r13mr816975pli.67.1497456015967;
    Wed, 14 Jun 2017 09:00:15 -0700 (PDT)
    ARC-Seal: i=1; a=rsa-sha256; t=1497456015; cv=none;
    d=google.com; s=arc-20160816;
    b=M/tFXAeeJB+g+TiKcKx6W+SQFUViuC84SdAzZbL/vCct2Ys7r9BOpLjVF0H2+B6dSK
    GJ7OTvI4oI2zxvxcEvMughIs3FCwxGmkZMjEqtYx1L7ffwUfSM 16gH2bdv1vOXkaaxVw
    nL02CsFfHd4ME8xFQ7kGfHGUyfxjEuq7pUE+vBiAFd0BzooqCT skMX0/n1VgN9m/Rf5l
    kozbU0gvfCz2YJuMZqBeIekcewtlU9CAP9cOgNW2Yck7lMF+Ou IlrJHudCodqHexbIJD
    6HTDiPLgqHRhq8WEhUC/zaW9ACJN2uy2Ga61uL3DQtqAsNZAOTnNp0my1tLBl5mRVtaj
    +GaQ==
    Last edited by hubb; 16-06-2017 at 12:51 PM.
    • DavidP24
    • By DavidP24 16th Jun 17, 1:58 PM
    • 1,919 Posts
    • 1,132 Thanks
    DavidP24
    Was sent by Gmail, they are only ISP using 10 subnet which is supposed to be for internal networks only, typical Google, think they can do what they want and mess things up for others.
    Thanks, don't you just hate people with sigs !
    • DavidP24
    • By DavidP24 16th Jun 17, 2:00 PM
    • 1,919 Posts
    • 1,132 Thanks
    DavidP24
    I'm sorry but I don't know how to find this info. Windows live mail is not showing it.
    Originally posted by hubb

    Here is the exact text but it does display my full name as well as email address, something all phishing emails in the past have failed to do.

    Dear **********,
    Your Apple ID (*******@gmail.com) was used to sign in to iMessage on an iPod named “ossex's iPhone”.
    Date and Time: 14 June 2017, 8:59 AM PDT
    Operating System: iOS 6.1.6
    If the information above looks familiar, you can disregard this email.
    If you have not recently signed in to an iPod with your Apple ID and believe someone may have accessed your account, go to Apple ID (https://appleid.apple.com) and change your password as soon as possible.
    Sincerely,
    Apple Support


    Apple ID | Support | Privacy Policy
    Copyright © 2017 Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. All rights reserved.
    Originally posted by hubb


    Are you by any chance using Windows live to collect from Gmail Account?

    If so you would be better off going into that gmail account and checking header there.

    Otherwise, this is surely spam because if your Apple id was Gmail Apple would have written to you on gmail account not live account.
    Last edited by DavidP24; 16-06-2017 at 2:05 PM.
    Thanks, don't you just hate people with sigs !
    • hubb
    • By hubb 16th Jun 17, 2:26 PM
    • 1,751 Posts
    • 345 Thanks
    hubb
    It came through on my gmail account which I retrieved on my ipad. My Gmail account is also hooked up to windows live.
    • DavidP24
    • By DavidP24 16th Jun 17, 7:19 PM
    • 1,919 Posts
    • 1,132 Thanks
    DavidP24
    OK so follow the link in my post above and check the header from gmail online rather than live.com
    Thanks, don't you just hate people with sigs !
    • raees94
    • By raees94 21st Jun 17, 3:17 PM
    • 5 Posts
    • 0 Thanks
    raees94
    There are many hackers who can do this kind of !!!!. Change the password and you are done.
    • DavidP24
    • By DavidP24 21st Jun 17, 4:40 PM
    • 1,919 Posts
    • 1,132 Thanks
    DavidP24
    Spammer
    There are many hackers who can do this kind of !!!!. Change the password and you are done.
    Originally posted by raees94
    There are many spammers who just want to increase their post count so they can paste links.
    Thanks, don't you just hate people with sigs !
    • angryparcel
    • By angryparcel 21st Jun 17, 5:19 PM
    • 910 Posts
    • 516 Thanks
    angryparcel
    Was sent by Gmail, they are only ISP using 10 subnet which is supposed to be for internal networks only, typical Google, think they can do what they want and mess things up for others.
    Originally posted by DavidP24
    No not gmail

    https://whois.domaintools.com/10.84.218.141

    Private Ip Address Lan

    gmail dont use private IPS.
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

2,904Posts Today

8,175Users online

Martin's Twitter
  • Byebye! I'm about to stop work & twitter, to instead spend glorious time with Mrs & mini MSE. Wishing u a lovely summer. See u in 10 days.

  • WARNING Did you start Uni in or after 2012? The interest's rising to 6.1%; yet it doesnt work like you think. See https://t.co/IQ8f0Vyetu RT

  • RT @JanaBeee: @MartinSLewis Boris is the anomaly (coffee), the others are versions of normal (beer). Lots of same candidates = vote share d?

  • Follow Martin