Apple ID security bolstered, forums taken offline after apparent hack

Discussions taken offline

Users reported that the company's official support discussion pages were unavailable on Saturday after the site first presented the message "for fun, by tojen," without any other content (pictured below).

Following the apparent hack, the site was redirected to a "backsoon/discussionstempaway" URL that simply stateed, "we're sorry, Apple Discussions is temporarily unavailable. We'll be back soon. Until then, please visit http://www.apple.com/support"

The discussion site appeared to remain offline throughout the weekend for some users who entered the discussions.apple.com URL manually or arrived using a saved bookmark, but direct links to discussion forum threads continued to work and entering the discussion site through Apple's support links also seemed to work normally.

This suggests the attack may have targeted external DNS servers or Apple's content delivery partners, sending users to an incorrect or outdated address of compromised servers that had been taken offline.

Increased security measures for iTunes accounts

Some users expressed concern about having logged into the support site using their Apple ID, which for many users is shared with their credit card linked iTunes account and therefore could be used to make fraudulent purchases if the account information were actually intercepted by a third party.

To avoid any concerns, users can review their iTunes purchases for unauthorized transactions and change their account passwords. A relatively small number of iTunes accounts were targeted by fraud in July, resulting in the inflated popularity of a specific developer's apps. Apple subsequently removed the developer from iTunes.

Apple has also increased the security of iTunes accounts, requiring users to verify their account information when they log into new devices (and associate their iTunes account with that Mac, Apple TV, iPhone, iPod Touch, or iPad), and now requires that new iTunes account passwords include at least 8 characters with mixed capitalization. Logging into certain devices, including Apple TV, now prompts users to update their password to the new minimum security standard.