Last night a few users began reporting that their Apple IDs had been compromised, causing them to be locked out of their accounts. Recovering and password resets worked for a handful of Apple IDs, but it was still unclear overnight what might have been happening to cause the small breach in Apple's otherwise secure universal log-in system.

This morning speculation came to a close as third-party email client Spark confirmed that an upgrade to faster servers for iCloud users on the platform triggered the issue and forced password resets in a collection of Apple IDs. The company mentioned that it has been preparing to launch Spark for Mac, which was the reason for the faster server upgrade, but now promises that "there's NO breach or data leak" that users have to worry about.

spark mail picture
Readdle, the creators of Spark, reiterated what it tweeted out throughout the morning in a post on Reddit.

Hello guys,

Thank you for the feedback and comments! Our team has been investigating this for a few hours. What we know so far: 1. There's no breach or data leak according to our investigation. 2. The new, faster AWS server logic might have triggered iCloud security algos. We are already working with Apple to learn more details. We are doing some server side work to make Spark much faster, and to make it ready for the Mac version, which is already in Alpha. We will keep you updated once we have more news from Apple side.

Thank you.

As some users have noted, the security problem didn't hit all Spark users who use the service with their iCloud account. The company said that it's working with Apple to get the issue fixed as soon as possible, but it seems that users affected by the security lockouts need not worry about malicious attempts at entry into their private Apple ID at least. If Readdle posts any more updates on its fix for the problem, we'll update this story as well.

Tag: Spark

Top Rated Comments

Max Portakabin Avatar
87 months ago
Breach or not, they could have at least apologised considering the inconvenience created in changing out your Apple ID password.
Score: 5 Votes (Like | Disagree)
dogslobber Avatar
87 months ago
I personally didn't think they stored them. I thought they just used my phone-stored password. Now that I know for a fact they store it off site, I'm much more upset.
"Accounts are added to Spark through OAuth where possible. Where OAuth is not supported we keep your account username and password on our secure servers. We then use the authorization provided to download your emails to our virtual servers and push to your device.
[...]
The safety and security of your information also depends on you. You should not share your email user name and password with anyone. If you find out that anyone has improperly obtained your login credentials and accesses your email account through Spark, you should immediately change your password. We are not responsible for such unauthorized access unless the access is our fault."


https://sparkmailapp.com/privacy

LOL. What a con. Apple should punt this app from the App Store.
Score: 3 Votes (Like | Disagree)
Rigby Avatar
87 months ago
It seems to me that, from the security perspective, it's just a bad idea to use an email service that inserts itself between you and the actual email provider, since they still have to store your password on their servers in case the email provider doesn't offer secure authentication via oauth tokens (which iCloud doesn't). This affects not only Spark, but also the Outlook mail app. This time it was apparently harmless, next time it could be a serious breach. And two-factor doesn't really help in case of iCloud, since you have to use an application password which is not protected ...
Score: 3 Votes (Like | Disagree)
Peepo Avatar
87 months ago
I thought Spark was better vs. Outlook in regards to not being in the middle storing passwords etc. Now that I hear this, I have removed it. I have had my account locked out twice this week.

With 2 factor authentication on iCloud, there should be no way Spark could permanently hack your iCloud account since you have to generate a one time password for it. But I still don't like that it locks accounts. Maybe after everything is fixed I'll give it another try.
Score: 3 Votes (Like | Disagree)
thebroz Avatar
87 months ago
Twice I was locked out in the past couple days. It might be time to ditch Spark. It's a major nuisance to change my Apple ID password because it affects a number of devices.
Score: 3 Votes (Like | Disagree)
coolfactor Avatar
87 months ago
It seems to me that, from the security perspective, it's just a bad idea to use an email service that inserts itself between you and the actual email provider, ...
Exactly. It raises so many questions.

* Since they are impersonating you, they need to keep your password stored, not a one-way hash of it. How securely are they storing it? Who has access to it at the company?
* How secure is the email storage on their servers? Do they have one giant database serving all users, and filter by ID, or separate, segregated databases for each user?
* Can technical problems at their end cause emails to be deleted unintentionally?

Email is far too important to me to introduce layers of complexity and uncertainty like that.

(@Runbox rocks for email, by the way.)
Score: 3 Votes (Like | Disagree)

Popular Stories

iOS 16

iOS 16.4 for iPhone Nearing Launch With These 5 New Features

Monday March 20, 2023 11:50 am PDT by
Apple says iOS 16.4 is coming in the spring, which began this week. In his Sunday newsletter, Bloomberg's Mark Gurman said the update should be released "in the next three weeks or so," meaning a public release is likely in late March or early April. iOS 16.4 remains in beta testing and introduces a handful of new features and changes for the iPhone. Below, we have recapped five new features ...
apple park at night 1

Apple 'Tracking Employee Attendance' in Crackdown on Remote Working

Thursday March 23, 2023 3:41 am PDT by
Apple is tracking the attendance of its employees at offices using badge records in order to ensure they are coming in at least three times a week, according to Platformer's Zoë Schiffer. Since April 2022, Apple employees have been operating on a hybrid home/office work policy as part of a gradual return strategy following the pandemic, with staff required to work from the office at least...
iphone 14 pro max deep purple feature purple

iPhone 15 Pro Rumor Recap: 10 New Features and Changes to Expect

Thursday March 23, 2023 6:42 am PDT by
While the iPhone 15 series is still around six months away from launching, there have already been plenty of rumors about the devices. Many new features and changes have been rumored for the iPhone 15 Pro and iPhone 15 Pro Max in particular. Below, we have recapped 10 changes rumored for iPhone 15 Pro models that are not expected to be available on the standard iPhone 15 and iPhone 15 Plus:A1...
dynamic island

iPhone 15 Dynamic Island to Include New Integrated Proximity Sensor

Friday March 24, 2023 12:27 am PDT by
This year, all iPhone 15 models will include Apple's Dynamic Island that unifies the pill and hole cutouts at the top of the display, but there will also be a material change to the feature that wasn't included in the iPhone 14 Pro models. According to a new tweet by Apple industry analyst Ming-Chi Kuo, the proximity sensor on the iPhone 15 series will be integrated inside the Dynamic Island ...
maxresdefault

Nothing Launches $149 Ear (2) Wireless Earbuds to Compete With AirPods Pro 2

Wednesday March 22, 2023 9:48 am PDT by
Nothing today announced the launch of its second-generation wireless earbuds, the Nothing Ear (2), which offer many of the same features as Apple's AirPods Pro 2 at a lower price point. We went hands-on with the Ear (2) earbuds to see whether they're a viable alternative to the AirPods Pro 2 for those who want to save some cash. The Ear (2) earbuds are the successor to the Nothing Ear (1),...
voice isolation

iOS 16.4 Adds Voice Isolation for Cellular Phone Calls

Tuesday March 21, 2023 11:01 am PDT by
The iOS 16.4 update that is set to be released to the public in the near future includes voice isolation for cellular calls, according to notes that Apple shared today. Apple says that Voice Isolation will prioritize your voice and block out the ambient noise around you, making for clearer phone calls where you can better hear the person you're chatting with and vice versa. Voice...
TMobile Sprint

Apple Stops Allowing Sprint iPhone Activations, Removes Sprint References From Online Store

Thursday March 23, 2023 12:06 pm PDT by
Apple is no longer allowing customers who purchase an iPhone, cellular iPad, or Apple Watch to activate a device with now-defunct mobile carrier Sprint. Apple has also removed remaining references to Sprint from its online store. When checking out with a new purchase, Sprint is no longer an option for connectivity, a change that Apple appears to have implemented today. Prior to now, Sprint...
airpodsd 3 purple 4

iOS 16.4 Seemingly References New AirPods and AirPods Case

Tuesday March 21, 2023 11:43 am PDT by
The iOS 16.4 release candidate version that was provided to developers today appears to hint at a new set of AirPods that could be coming in the near future. According to @aaronp613, the beta features references to AirPods that have a model number of A3048 and an AirPods case with a model number of A2968. There have been no rumors that new AirPods are on the horizon, and it is early for...