Apple Now Sending Alert Emails When iCloud Accounts Accessed via Web

In an interview last week, Apple CEO Tim Cook noted that Apple would be beefing up iCloud security measures in response to the recent disclosure of compromised celebrity accounts. Among the additional security features said to be rolling out over the following two weeks were new email alerts whenever there is an attempted password change, a device restore from the account, or a login from a new device. Password change and login alerts had previously only been sent when the event took place on an unknown Apple device.

As noted by Letem světem Applem and confirmed by MacRumors, Apple has already begun sending out alert emails when iCloud accounts are accessed via web browsers. The alerts are being sent out even if the specific browser has been used previously to access iCloud, but this is presumably a one-time measure that will not be repeated for future logins with that combination of browser and machine.

icloud_web_login_alert_email
With Apple rumored to be announcing a mobile payments service at tomorrow's event, it is clear the company needs to reassure users that the company is taking security seriously. While the compromised celebrity accounts were targeted attacks rather than a wholesale breach of Apple's iCloud systems, the company's move to enhance security and keep users informed is an important one.


Top Rated Comments

(View all)
Avatar
24 months ago
Apple Email:

Someone just stole all your data.

You can reset your password now.
Rating: 11 Votes
Avatar
24 months ago

Apple Email:

Someone just stole all your data.

You can reset your password now.


P.S. The NSA will need you to email them the new password for security reasons.
Rating: 3 Votes
Avatar
24 months ago

Apple Email:

Someone just stole all your data.

You can reset your password now.


I was thinking the same thing. It's not a security measure to tell the bank they've been robbed, - after the bank is robbed.
Rating: 3 Votes
Avatar
24 months ago
Apple should place access from new devices on a 24 hour delay unless the email is acknowledged. That way you can stop people from stealing your data instead of reacting after the fact.
Rating: 2 Votes
Avatar
24 months ago
If the e-mail associated with your account is your @icloud.com email, wouldn't the unauthorized person have access to this email account via logging into icloud and then they would simply be able to delete the alert email as soon as they log in?
Rating: 2 Votes
Avatar
24 months ago

If the e-mail associated with your account is your @icloud.com email, wouldn't the unauthorized person have access to this email account via logging into icloud and then they would simply be able to delete the alert email as soon as they log in?


I didn't think you could associate your icloud.com email with your icloud account.
Rating: 2 Votes
Avatar
24 months ago

Use the 2 part-authentication. If a new device accesses or a login from an unrecognized system, it requires a code to be sent to your phone in order to continue.


I have the 2 part authentication. The machine I logged into from the web is one I've used before. I only received the notification e-mail, but didn't get any push notification on my other devices.
Rating: 2 Votes
Avatar
24 months ago
Would be better if apple enforced adding another email to your account or not allow these emails to be deleted by anyone except an authorised user.

It's so obvious that Apple has implemented this as fast as possible to get the media off their backs but haven't clearly thought it through, a lot more needs to be implemented.

seems that works even in EU. But you get the email after 4-5 minutes after you signed out


Just enough time to download everything.
Rating: 1 Votes
Avatar
24 months ago

Great success In Kazakhstan!


Hey, would you tell Borat that I did not forget the fact that he still owes me $50? Thank you.
Rating: 1 Votes
Avatar
24 months ago
Email alerts of past login attempts are horrible and provide no benefit.

Worse yet, they can easily be forged.

They should instead get sent via push notification (which I thought Tim Cook said).

But even better they should include a temporary PIN for 2-factor authentication. Sent via email if users' iOS device is not available.

Seriously, what use are these emails if they're sent 15-30 minutes after the hacker has already successfully gained entry?
Rating: 1 Votes
[ Read All Comments ]