Thanks Sam. All changed. All quite easy with 1Password, albeit a bit of faff getting iMessage on Mac to send via my phone number, not email.
I remember my Mac Classic, system 7 and oh, things were so much more simple! On Thursday, September 21, 2017 at 6:04:47 PM UTC+1, Sam - MacAmbulance wrote: > > If your appleID has an @icloud.com address as well as the gmail, then the > password will work for both usernames yes. > > If the password was unique then shouldn’t be much to worry about but I’d > change your gmail anyway. > > Sam > [image: MacAmbulance] > MacAmbulance Ltd. Providing Affordable Mac/PC Support and Web Development > Sam Mullen > +44 (0)7747778022 > [email protected] <javascript:> > www.macambulance.co.uk > > MacAmbulance Ltd. is a registered company in England & Wales, registration > number 8466597 > > This email is intended solely for the addressed recipients and may contain > privileged or confidential information. > If you have received this email in error please notify the sender and > delete the email immediately. > > On 21 Sep 2017, at 14:03, mac98aop <[email protected] <javascript:>> > wrote: > > Eek, thanks Sam. > > I thought I was all over this, using 1Password, but turns out I have been > pwned. I've just changed my Apple ID password. > > But to ask... > > 1. I use an @gmail email for my AppleID email. haveibeenpwned also says my > @icloud email is breached. But, is that simply linked to my AppleID, as > opposed to having its own password that also needs changing? > > 2. Given I use my @gmail for my AppleID, I guess I should also change my > login to all Google products (it was already unique) but better safe than > sorry, given I can't know which login was breached, right? > > So grateful for your post, Sam. > > Thanks again > > Adam > > On Thursday, September 21, 2017 at 11:17:04 AM UTC+1, Sam - MacAmbulance > wrote: >> >> Hi Everyone >> >> I’d recommend you check your AppleID email address here : >> https://haveibeenpwned.com and see if your login details have been >> exposed by any security breaches, if so, change your iCloud password >> immediately. >> >> For example, let’s say I’ve got an AppleID of [email protected], >> password >> “Password1” (who’d do that right?) and I’ve also used that same combination >> for my Dropbox and LinkedIn login details, then been double silly and >> haven’t changed those login details in years. Dropbox was hacked in 2012, >> LinkedIn was also hacked. That particular password combination was exposed. >> “Credential Stuffing” is where some nefarious do-badder will take that >> combination and attempt to log into other services hoping I’d used the same >> login details on other services. >> >> A client called yesterday saying her Mac and iPad had been remotely >> locked via Find My iPhone. Someone had logged into her iCloud account and >> remote-locked her devices, with a message containing an email address, >> demanding bitcoin to unlock them. >> >> What of 2-Factor authentication you say? But Sam, It’s impossible to log >> into iCloud without receiving a code on your phone. Well, Find My iPhone >> (for obvious reasons if you’ve lost your phone) isn’t protected by 2FA, so >> you can log into it using just your username & password, then remote wipe >> and remote lock are easily available. >> >> The moral of the story, don’t use the same login details for multiple >> services and do change your passwords semi-regularly. >> >> Sam >> [image: MacAmbulance] >> MacAmbulance Ltd. Providing Affordable Mac/PC Support and Web Development >> Sam Mullen >> +44 (0)7747778022 >> [email protected] >> www.macambulance.co.uk >> >> MacAmbulance Ltd. is a registered company in England & Wales, >> registration number 8466597 >> >> This email is intended solely for the addressed recipients and may >> contain privileged or confidential information. >> If you have received this email in error please notify the sender and >> delete the email immediately. >> >> > -- > You received this message because you are subscribed to the Google Groups > "Sussex Mac User Group" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > To post to this group, send email to [email protected] <javascript:>. > Visit this group at https://groups.google.com/group/smug. > For more options, visit https://groups.google.com/d/optout. > > > -- You received this message because you are subscribed to the Google Groups "Sussex Mac User Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send an email to [email protected]. Visit this group at https://groups.google.com/group/smug. For more options, visit https://groups.google.com/d/optout.
