Discussions taken offline
Users reported that the company's official support discussion pages were unavailable on Saturday after the site first presented the message "for fun, by tojen," without any other content (pictured below).
Following the apparent hack, the site was redirected to a "backsoon/discussionstempaway" URL that simply stated, "we're sorry, Apple Discussions is temporarily unavailable. We'll be back soon. Until then, please visit http://www.apple.com/support"
The discussion site appeared to remain offline throughout the weekend for some users who entered the discussions.apple.com URL manually or arrived using a saved bookmark, but direct links to discussion forum threads continued to work and entering the discussion site through Apple's support links also seemed to work normally.
This suggests the attack may have targeted external DNS servers or Apple's content delivery partners, sending users to an incorrect or outdated address of compromised servers that had been taken offline.
Increased security measures for iTunes accounts
Some users expressed concern about having logged into the support site using their Apple ID, which for many users is shared with their credit-card-linked iTunes account and therefore could be used to make fraudulent purchases if the account information were actually intercepted by a third party.
To avoid any concerns, users can review their iTunes purchases for unauthorized transactions and change their account passwords. A relatively small number of iTunes accounts were targeted by fraud in July, resulting in the inflated popularity of a specific developer's apps. Apple subsequently removed the developer from iTunes.
Apple has also increased the security of iTunes accounts, requiring users to verify their account information when they log into new devices (and associate their iTunes account with that Mac, Apple TV, iPhone, iPod Touch, or iPad), and now requires that new iTunes account passwords include at least 8 characters with mixed capitalization. Logging into certain devices, including Apple TV, now prompts users to update their password to the new minimum security standard.
11 Comments
It's time that an iTunes account (for a specific ID) was able to have a different password than the one used for email etc.
I know I can create a different one just for iTunes but that breaks integration with iPhone stuff (email, FindMyiPhone, etc)
I am always careful.
The problem here is that using this method, a clever hacker could easily have inserted a phishing page into the genuine Apple site, and no one would have been the wiser. Scary!
I don't think it would have progressed that far.
Apple needs to rehire their server expert, Chuq Von Rospach!