Possible vulnerability. Bypassing both 2FA and device list

Mac Jim ID wrote:

Punisher2006 wrote:

Possiblly in the way that this forum shows responses. They don't seem to be in a particular order on my end and don't seem to always be parsed under which post I replied to.

Just to help with the sort order, under the original post on the right site, it is usually best to Sort By: Newest, so you get a chronological order of posts with the newest on top.

Crap! I completly missed that! That is much better, thanks!

Final answer from security report.

We’re unable to identify a security issue in your report.

We reviewed your report and were unable to identify a security issue. If you have new information that you didn’t include in your report, providing it now may allow us to review your report further.

ME: The security iss ue is that someone was able to bypass Apple's 2-factor authentication AND the security of the device list. Nobody should be able to use your account without going through the 2FA or leaving a trail. That is the security issue/breach.

Jeff Donald wrote:

You don’t understand how your PayPal account interacts with your Apple Account. You don’t understand what merchant tokens are. You don’t understand how tokens for your PayPal account work. You don’t understand how you bypassed 2FA when you added your PayPal account to your Apple Account.

On a separate but necessary level of understanding is What Apple Pay is and how it’s not your Apple Account. You don’t understand the difference between the Wallet app and your Apple Account and how they do not connect.

I could go on and on but I don’t see the point. You’re convinced you’re right, despite your lack of understanding about payment systems and security surrounding them.

There is a reason your report is being rejected. It’s all the reasons I stated above and more. Sorry to be blunt.

Please explain it like I'm 5. I have some brain damage so that may be preventing me from understanding what your trying to say.

Explain how the items show up on my Apple Account.

I understand that when I added PayPal to my payment methods I had to use 2FA to add them.

I understand that any purchases after that from my Apple Account "byass" the PayPal 2FA where it's not asked for again when purchasing from my Apple Account.

I don't understand what the signifiicant diifference is when I say my Apple Account and Apple Pay or the Wallet. Is it just symantics?They seem to all be connected.

I don't use Apple Pay anywhere unless it's already on my iPad. I have never installed it anywherw else. I'm not even sure it's possible to install it on an Android phone which is what I have.

I don't understand how someone used my Apple ID/Account/whatever you want to call it without activating the 2FA that is setup for my Apple Account. If I gave you my Apple password and you tried to login wouldn't part of the process by that 2FA kicks in BEFORE you could actually access ANYTHING in my account, including my payment methods? If I don't either click allow on my iPad or send you the code I received via text, shouldn't you be unable to login fully?

It is a fact that someone added my Apple account on their own iPhone 8. The rep confirmed it and having the purchased items show up as purchases in my account and on the report an issue site confirms it.

I'm not trying to be argumentative for the record. I'm truly trying to understand hat happened and how.

The pourchases themselves showed up in my account but there was no other indication of the device.