Over the last twenty four hours, a substantial number of users are reporting that they are finding their Apple IDs locked for security reasons inexplicably. The root cause appears to be users of the popular Spark email app by Readdle, where customers can log in with their iCloud credentials. The iCloud warnings of a security hack are seemingly incorrect: there has not been a server attack or data leak as explained by the app’s makers.
Although security lockouts and forced password resets generally indicative of a hacker attempting to gain access to the account, it does not appear that this is the case here. Readdle explained that it has seen no signs of a data breach or other intrusions and explains the problem as a server fault.
In a statement on Reddit, Readdle says that server upgrades to its app appear to be inadvertently causing Apple ID password resets.
Thank you for the feedback and comments! Our team has been investigating this for a few hours.
What we know so far: 1. There’s no breach or data leak according to our investigation. 2. The new, faster AWS server logic might have triggered iCloud security algos. We are already working with Apple to learn more details.
We are doing some server side work to make Spark much faster, and to make it ready for the Mac version , which is already in Alpha.
We will keep you updated once we have more news from Apple side.
It sounds like Readdle is deploying some new server code to make the app faster and more reliable for its users, but the change in behavior triggered a false positive response from Apple’s iCloud system. It’s unclear if the problem has been resolved yet by either Apple or Readdle.
At this time, it does not appear that an unscrupulous third party is attempting to gain access to the affected accounts. However, it cannot hurt to change your password regardless for peace of mind. Readdle says it is working with Apple on the matter. Follow Spark Mail on Twitter for further developments and the latest information on this issue.