How a Hacker Gained Access to a Reporter's iCloud Account
Wired reporter Mat Honan details the exact process by which hackers gained control of his iCloud account. The hijacked iCloud account resulted in a remote wipe of his iPhone, iPad and MacBook Air, as well as further intrusions into his Gmail and Twitter accounts.
As previously reported, the hackers were able to convince Apple Support to provide them with a temporary password to access Honan's account. Honan details exactly how this was performed.
Apparently, Apple Support requires only an iCloud user's billing address and the last four digits of the credit card on file in order to issue a temporary password. That temporary password grants full access to the user's iCloud account. Apple spokesperson Natalie Kerris issued this statement, which claims that internal policies were not followed completely in Honan's case but fails to specify exactly how:
“Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”
Wired was able to confirm the reported policy itself by successfully gaining access to another account using only those two pieces of information: a billing address and the last four digits of the credit card number.
As noted by Honan, a target's billing address is generally easy to determine by looking up a domain registration or by searching public white pages databases. As for discovering the last four digits of Honan's credit card, Honan's hacker used a loophole in Amazon's security systems, which don't protect the last four digits of users' credit card information. The hack requires a two-step phone call to Amazon. In the first call, Amazon allows you to add a second credit card to the account by simply offering the account's billing address, name and email address. Then, a second call allows you to add a second email address by verifying the previously added credit card. This second email address then has access to the account information, including the last four digits of the original credit card.
The intrusion into Honan's accounts seemed to be the result of a targeted effort to infiltrate his Twitter account, and a number of items had to line up just right for the hackers to gain access. The situation does reveal that differing security processes between providers can open up unwanted opportunities. It also seems to show that, at present, access to a specific user's iCloud account can be gained with those two pieces of only semi-private information.
Honan's full story about the sequence of events is an interesting read.