Apple Learning Interchange: Security Compromise
Apple is apparently alerting ALI forum members that Learning Interchange account passwords have been compromised. In a message forwarded to us by several TUAW readers, Apple warns that members who commonly use the same credentials on multiple sites may be at risk. If you are an ALI account user, please consider updating any accounts that use identical credentials. Here is the Apple quote that was sent to us. We recently learned that the security of Apple Learning Interchange (ALI) members' names and passwords may have been compromised. These accounts are limited to accessing the ALI discussion board and do not contain sensitive information such as credit card or social security numbers.
While ALI member names and passwords are not linked to your Apple ID, our records indicate that your ALI member name and Apple ID are the same. For this reason we strongly recommend that you change your Apple ID password as well as any others that might have the same name and password combination.
At the time of posting, the ALI site (also linked to in the Source link) is unavailable. We do not have confirmation from Apple about this situation, although we have contacted them for a statement.
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
Kensico said 11:14PM on 7-02-2009
is this PHISHING?
Reply
Ken said 12:24AM on 7-03-2009
Where can I get the Apple sweatshirt in the photograph? It looks sweet.
Reply
Daviesifier said 7:24AM on 7-03-2009
+1 would love one of those!
Erica Sadun said 9:14AM on 7-03-2009
Store Hours:
Monday - Friday 10:00 a.m. to 5:30 p.m.
Phone: (408) 974-5050
Cronick said 12:39AM on 7-03-2009
Well that's why I use 1Password. I can create a new password for every site I visit but only every have to type in my master password. One password to rule them all.
Reply
go2jo said 2:19AM on 7-03-2009
I recently had my Apple ID hijacked when I joined the iPhone Dev Center. I was asked to log in with my username & password for the Apple Dev Center, which of course your my Apple ID.
Within an hour or two, someone logged into iTunes changed my username & password, locking me out. They also bought two $50.00 iTunes Gift Certificates.
Being that Apple doesn't have 24 hr customer service I couldn't straighten it out until the next day.
There are many ways, someone can either change a password on an account. There is even a simple web eMail form where you can just ask to have it done. But no one has told me yet how it was changed. I want to know how this person got my info by joining one of the Apple Dev Connections?
This has Apple ID hijacking has been going on for years, and Apple has done nothing about it.
I documented the whole thing on my blog, if anyone is interested.
http://is.gd/1lJ0U
Reply
boatbasin said 5:51AM on 7-03-2009
Erica - Where can we cop that sweet hoodie in the pic?
Geeker said 8:39AM on 7-03-2009
As far as I know the only place you can procure official Apple gear is from their company store in Cupertino.
http://www.apple.com/companystore/
Reply
Roberto said 9:32PM on 7-03-2009
I thought that the /etc/password file only contained the hash of each user password. So, even the webmaster or root cannot see your password, but the authentication algorithm can verify your entered password with the hash.
Were they using MD5?
Reply