Over the last 3 days we've got dozens of reports that Apple IDs were locked out to people who were using Spark and their iCloud email accounts. So let us shed the light on what happened and what we know so far:
- On Thursday we ran some new server-side code tests for Spark users in order to make IMAP connection faster. We run it alongside existing code to avoid service interruption.
- That Thursday night we disabled all the new back-end logic. Only old one, which was working fine for our users for over a year, had been working since then.
- Friday morning we saw some reports on Reddit about the lock outs, so we started to investigate immediately.
- On Friday we reached out to Apple because it was possible that the new iCloud email logic was triggering Apple ID security algorithms that led to Lock Outs.
- The problem did not go away — there still were people on Friday who got Locked Out.
- So on Friday-Saturday Spark was running the old infrastructure, yet iCloud security algorithms were still locking accounts for an unknown reason.
- We did our investigation, confirmed that there is nothing unusual happening on our dedicated servers and everything works as before. However, without Apple and their iCloud team further investigation was impossible.
- Our priority #1 was to stop the Lock Outs — that is why we have disabled our server logic all-togehter for all iCloud email users (me.com, icloud.com, mac.com) on Saturday. In other words, we shut off the push notifications and badge updates.
- We've got a reply from Apple that they are aware of the issue and working on it from their side. Also, they said that there's no data leak or breach on either Apple or Readdle side.
So at this point, the lock outs should not be happening because our push servers are down. So you can connect your iCloud emails to Spark. We think that the statement from Apple is coming shortly, because it seems that the issue is not just on our side.
If you experience a lock out after publication of this post — please send us an email to firstname.lastname@example.org.
Our own investigation found that around 8000 users were affected (iCloud emails). Once again, the team is working day and night on figuring out what has happened and why. Many of you know, that user experience is the very core value that we as a team have and want to provide.
Status as of right now:
- It should be safe to connect your iCloud emails to Spark.
- The team is working to investigate what happened.
- Waiting for Apple WWDR team to comment on this.
UPD: We've just received a response from Apple in which they assured us that there was no any kind of data leak, and your iCloud accounts are 100% safe to use with Spark.
As for now, we turned on server-side operations for iCloud accounts (notifications and badges should be updating again).
We are terribly sorry for all the inconveniences caused and would love to thank you for your patience. We'll post more detailed information soon.