Previewed at WWDC, launching in the fall.
Apple Support Allowed Hacker Access to Reporter's iCloud Account
On Friday, Wired writer Mat Honan recounted the tale of how his iCloud account was hacked which resulted in his iPhone, iPad and MacBook Air getting remote wiped.
The point of entry appeared to be his iCloud account which was then used to gain access to Gmail and then his and former-employer Gizmodo's Twitter accounts.
At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere.Honan wasn't entirely sure how the hackers had gotten access to his iCloud account. His guess was that they had somehow brute-force guessed the password, while others speculated his password had been keylogged or used in another insecure service.
...
The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.
At 5:00 PM, they remote wiped my iPhone
At 5:01 PM, they remote wiped my iPad
At 5:05, they remote wiped my MacBook Air.
A few minutes after that, they took over my Twitter. Because, a long time ago, I had linked my Twitter to Gizmodo’s they were then able to gain entry to that as well.
As it turns out, the hacker was able to call Apple support and convince them they were the user. From an update to the original blog post:
I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions.After convincing Apple support that they were Mat Honan, the hacker had Apple Support change Honan's iCloud password which gave them full access. From there, they were able to perform the remote wipes on Honan's devices using Apple's Find My iPhone service which offers remote wipe as a security feature for lost devices.
As a somewhat public figure, Honan may have been an easier target than the average iCloud user, but many users may also have personal information publicly available on online services such as Facebook that could be used in a similar fashion. Forbes' Adrian Kingsley-Hughes suggests that Apple "needs to tighten up security and come clean about what went wrong here."
[ 488 comments ]
Top Rated Comments
(View all)
79 months ago
Also Apple should allow us set a PIN on turning off an iPhone. Find my Phone is useless if all it takes is turning the whole device off. It would be a 10000 times better if who ever steals the phone can't turn it off immediately.
79 months ago
Apple really needs 2-step authentication (Google offers it, and it works really great).
I hope they're able to restore his information from his Macbook Air.
Edit @iCrizzo (right below me)
http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard
This is the user's blog. Apple, obviously, won't admit this ever happened in public.
I hope they're able to restore his information from his Macbook Air.
Edit @iCrizzo (right below me)
Where is the link from Apple saying this was the case? I see a bunch of Twitter links.
http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard
This is the user's blog. Apple, obviously, won't admit this ever happened in public.
79 months ago
What chocks me the most is that someone working at Gizmodo doesn't have a backup...
79 months ago
Anything Gizmodo related I always raise an eyebrow to.
I'll wait to for a response from Apple before taking this story seriously.
I'll wait to for a response from Apple before taking this story seriously.
79 months ago
So, let's get this straight...a hacker "decides" to hack the account of a semi-high profile tech guy and then after committing several serious crimes like fraud that could land him in jail for an extended period of time repeatedly contacts the person he hacked when he must know that Apple will surely pursue this matter?
I smell a rat...
I smell a rat...
79 months ago
time to change my mac account password again! :)
Also 1 Password/Lastpass/Keypass are amazing. Use them.
unfortunately, neither of these moves would have helped Honan.
arn
79 months ago
That could never happen in Europe. Apple support here is unfriendly and would never ever do a "favor".
79 months ago
Dude had no backups? Are you kidding me? IMO that is the scariest part of this story; to think that somebody doesn't have enough common sense to back-up data. Makes me shiver!
[ Read All Comments ]
Dutch media is reporting that an Apple Store at Leidseplein in Amsterdam was briefly evacuated today, likely after an iPad battery overheated.
Image Credit: AS Media
At 2:20 p.m. local time on...
Facebook is contesting a demand from the U.S. government that it break the encryption of its popular Messenger app so that law enforcement can listen in to a suspect's conversations as part of an...
Child actress Brooklynn Prince has been cast in the lead role of Apple's upcoming drama series that's based on the life of young journalist Hilde Lysiak, reports Deadline.
Eight-year-old...
Netflix is testing a new feature that adds video promos in between episodes of TV shows, Netflix confirmed to TechCrunch this afternoon.
The promos Netflix is showing to some users include...
Logitech often works with Apple to introduce new accessories for Apple devices, and in early August, Logitech announced its latest product designed in collaboration with Apple, the new POWERED...
For this week's giveaway, we've teamed up with Choetech to offer MacRumors readers a chance to win a 7.5W Wireless Car Charging Mount that can be used to charge an iPhone X, iPhone 8, or...
The developers of the Transit app this week announced the expansion of real-time crowdsourced data for buses, trains, streetcars, ferries, and so forth to 175 cities across the United States, Canada,...
In a new interview today with The Los Angeles Times, Beats 1 host Zane Lowe discussed a few topics related to Apple Music's daily streaming radio show, including the company's rivals. Without...
