The emails look legit, came from [email protected], don’t even have a link in them to reset password, just a plaintext url to access appleid settings if I need to reset password.

Dear <>,
Your Apple ID (<>) was used to sign in to iCloud via a web browser.
Date and Time: October 21, 2023, 10:30 PM PDT
If the information above looks familiar, you can ignore this message.
If you have not signed in to iCloud recently and believe someone may have accessed your account, go to Apple ID (https://appleid.apple.com) and change your password as soon as possible.
Apple Support

I have 2fa enabled, and haven’t got a login request any time I’ve got one of these emails.

The password isn’t used for anything else, and is complicated enough that I highly doubt it was bruteforced.

The only other thing of note, is that around the time I started getting these emails, my windows machine prompted me a couple of times in a couple of days to re-sign-in to the iCloud desktop app. But the signin requests have stopped on windows, and the emails have continued. Oh, and this desktop currently shows up 4 times in the appleid devices list for some reason.

Anyone have any idea whats going on?

As a last resort I may contact apple support, but 1. I’ve been apple support before, and 2. the couple of times I’ve been stumped by apple device behavior, even their highest available support specialist couldn’t resolve the issue (Though, I did eventually figure it out on my own)

    • NightAuthor@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      That’s not a bad idea. I’ll give that a shot, if only to rule out the desktop. My working theory is that theres a bug in the windows icloud program, and this could help isolate the source. Maybe after a bit, if no issues arrise with your test condition, I will sign in via a desktop browser and see if the emails re-appear, indicating that it may be my computer in general, as opposed to just the icloud program. We’ll see.

      Thanks

  • Syldon@feddit.uk
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    Just change your password again to make sure. If it is a fishing attempt then changing the password can make it harder for any chance of success. Use the official website by googling Apple login.

  • allywilson@sopuli.xyz
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    1 year ago

    If you have MFA enabled, and getting these alerts it would suggest MFA has been bypassed. I would contact Apple immediately.

    • NightAuthor@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      2
      ·
      1 year ago

      So far, they’re useless.

      Ok, so one of the things you would want to do though is to goto appleid.apple.com and change your password just in case someone has it.

      There are not anything out of ordinary showing on the account.

      So, I just signed out of all my devices, for seemingly no reason. And they were going to end chat with… idk, seems fine to me, basically. I want to know why the fuck I’m getting these emails.

  • TenderfootGungi@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    1 year ago

    First, go into settings and look at the devices logged in. The list is in your account name at the top. Are they all yours? Could be bad pfishing attempts or could be some error in iCloud sending them.

    • NightAuthor@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      Yeah, all my devices, all here with me right now. Only weird thing there is that my windows desktop was listed 4 times.

      And now after changing password and signing into my phone, watch, and desktop, there is a new device, named after my desktop, but it says its an iPhone… but that its running windows?! https://snipboard.io/A40yZP.jpg

      I feel like they’re just trying to irritate me out of using a windows pc, though I’d sooner get rid of all my apple devices.

      I guess I’m just going to see if the emails keep coming after the password change. We have no reason to suspect that the password was compromised… but hey, sometimes the things that dont seem to make sense end up working.

      • Oahziel@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Here’s my theory. It’s not that your Windows desktop was listed 4 times. Those are 4 different devices. One of them is the real Windows desktop. The others are some other devices (could be the attacker’s, or your automation devices) that are using the same authentication token copied from your Windows machine. That’s why they are all recognized as your Windows desktop.

    • NightAuthor@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      2
      ·
      edit-2
      1 year ago

      The link isn’t even clickable in the email, so I don’t see how it could be a phishing attempt.

      Edit: This wasn’t meant to be a condescending tone or anything, not sure why the downvotes. Am I missing something?

      • Actaeon@artemis.camp
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Even if it is not clickable some folks copy/paste, and you can long press a url in iOS. The “L” in apple could be masked with an “i” but Apple should have bought that domain already. There was just a big phishing attack the other day where someone used an lookalike character that some browsers didn’t filter out.

        • NightAuthor@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Ah, ok. Makes sense. Let me take a look…

          um, no, pasted it into sublime-text and did a find for a hand-typed url, and its all normal characters. Did an online string compare too, no difference.

          At this point, I’m quite sure its a bug in either their server software, or the windows icloud application.

  • B0rax@feddit.de
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Do you some kind of iCloud backup running on an NAS or something like that? Some of them register as a Webbrowser login.