Apple ID two-step verification feature rolls out to dozens of new countries

Apple this week has greatly expanded the availability of its Apple ID two-step verification, bringing the feature from 11 countries to 59 countries. Two-step verification for Apple IDs uses either iOS’s Find my iPhone application or SMS to provide login verification in addition to a password. The feature first rolled out for both Apple ID and iCloud IDs in early 2013 and it expanded to a few more countries later that year. Here are all the countries that support two-step verification (both the original countries and the new ones):

Read more

Apple denies iCloud breach was responsible for device lockout attack, advises users to change passwords

icloud

Last night we reported that several Mac and iOS users were finding their devices remotely locked by hackers who had gained access to the users’ Find My iPhone accounts and demanded a ransom to return the devices to a working state.

Today Apple issued a statement on the problem, noting that—as suspected—the iCloud service itself was not actually breached, but individual user accounts may have been compromised through password reuse or social engineering:

Read more

Australian Mac and iOS users find devices remotely locked, held for ransom (and how to keep yours safe)

1401164873077

The Sydney Morning Herald reports that several Australian Mac, iPhone, and iPad users are finding that their devices have been locked remotely through Apple’s Find My iPhone service by someone using the name “Oleg Pliss.” The hacker (or hackers) then demand payments of around $50 to $100 to an anonymous PayPal account in order to restore the devices to their owners.

An active thread on Apple’s support forum was started yesterday as users started to discover that they had been targeted by the attack. According to that discussion, users are finding all of their devices locked at once rather than a single device per user. Based on that report and the fact that Find My iPhone is being used to hold the devices hostage, it seems likely that the perpetrator has gained access to these users’ iCloud accounts—possibly through password reuse by those users—rather than some device-specific malware or hack.

Read more

Apple opens iAd Workbench platform to non-developers, adds video clip support

As noted in a report today from Ad Age (via MacRumors), Apple is now allowing non-developers to access and use the iAd Workbench platform.

At the onset of its mobile-ad business, Apple extended olive branches to a select group of brands, promising premier reach. But advertisers pushed back against its pricey offerings. Now, it appears Apple has concluded money in mobile ads comes from a wide net; in short, it’ll look more like Google.

Previously, iAd Workbench users had to at least be enrolled in Apple’s $99/year registered developers program, but now opening an iAd Workbench account will only require an Apple ID which is free to create with any Apple service or device. Ad Age reports that customers using iAd Workbench can choose between payment based on cost-per-click or cost-per-thousand impressions, although rates are currently not clear. Read more

Report: EA Games server compromised, hackers stealing Apple ID, credit card & Origin account info

Update: EA said in a statement that it’s investigating the reports (via TheVerge):

“Privacy and security are of the utmost importance to us, and we are currently investigating this report… We’ve taken immediate steps to disable any attempts to misuse EA domains…”

According to a report from internet security and research company Netcraft, hackers have compromised an EA Games server and are currently using it to host a phishing site that steals Apple IDs and more from unsuspecting users. The company published its report today and says it contacted EA yesterday to report the discovery, but as of publishing the compromised server and the phishing site stealing Apple IDs were still online.

Netcraft claims the phishing site being hosted on EA’s servers not only asks for an Apple ID and password but also the user’s “full name, card number, expiration date, verification code, date of birth, phone number, mother’s maiden name, plus other details that would be useful to a fraudster.” Netcraft also reports that EA Games is being targeted in other phishing attacks that are attempting to steal user data from its Origin game distribution service: Read more

Apple’s two-step verification for Apple IDs arrives in Canada, France, Germany, Japan, Italy, & Spain

Apple-Two-Step-Verifiication

Back in May of last year, a long list of readers in countries around the world reported having access to Apple’s two-step verification security feature for their Apple ID. Shortly after the news broke, the feature disappeared in many countries signaling it had been launched prematurely. The only officially supported countries listed on Apple’s website included the “U.S., UK, Australia, Ireland, and New Zealand.” However, today the feature has appeared in several new countries including Canada, France, Germany, Japan, Italy, & Spain. Apple has also updated its support pages for two-step verification here and here to list the new countries. 

Read more