Today, I suddenly got the following message on my iPod:
Question 1: Does this mean that someone has entered my Apple ID password, or are there other situations where this dialog is triggered? Update: According to an Apple Support representative, there may be other ways to activate this pop-up than entering the password. However, the representative didn't know of any such methods herself.
Question 2: Is there any way I can learn more about the iPad that was used during the login attempt? I have visited appleid.apple.com/account/manage, but can't see any information about "non authorized logon attempts" or similar. Does anyone know if Apple keeps a record, even if it's unavailable through their customer-facing services? If yes, is there a way to get this record? Update: The Apple Support representative did not have any more information available through her systems. I asked if more information would have been available if this had been a criminal investigation. She responded that she didn't know, since such requests didn't go through her department.
If anyone wonders: As far as I can tell no harm was done. Obviously, I declined the request and immediately changed my password. But only my fiancee & I should have known the old password in the first place, so I found this a bit unnerving. The old password was unique to the Apple account and quite complex (more than 12 characters, no normal words, upper- and lowercase plus numbers). I really can't understand how anyone else can know the password unless they have installed a keylogger on my Mac or similarly advanced.
Update 2: Today, my iPhone suddenly displayed a popup saying "Use this iPhone to reset your Apple ID password [Allow]/[Don't allow]". (I regrettably forgot to take a screen shot.) Is this an indication of a sustained attack?
Best Answer
Q1: Yes, it looks like someone entered your Apple ID and password. I don't think there's any other situation where this type of dialog would be triggered.
Q2: You did the right thing in immediately changing your password. There's nothing you can do to get more info on who is using your ID, you did everything I would've suggested. My only remaining advice would be to contact Apple, chat would probably be easiest, and let them know what happened. It's also good to see that there was no malicious activity on your account, however, you probably want to watch it for purchases every few days.
You mentioned the potential for malware or a key logger, that's quite possible. Make sure you're checking your machines regularly for malware (I use Malwarebytes), especially if anyone is logging into your Apple account on a Windows machine.