How a Hacker Gained Access to a Reporter's iCloud Account

by

matHonan v4editWired reporter Mat Honan details the exact process by which hackers had gained control of his iCloud account. The hijacked iCloud account resulted in a remote-wipe of his iPhone, iPad and MacBook Air, as well as further intrusions into his Gmail and Twitter accounts.

As previously reported, the hackers were able to convince Apple Support to provide them with a temporary password to access Honan's account. Honan details exactly how this was performed.

Apparently, Apple Support only requires an iCloud user's billing address and last-four digits of the credit card on file in order to issue a temporary password. That temporary password grants full access to the user's iCloud account. Apple spokesperson Natalie Kerris issued this statement which claims that internal policies were not followed completely in Honan's case, but failed to specify exactly how:

“Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”

Wired was able to confirm the reported policy themselves by successfully gaining access to another account using only those two pieces of information: a billing address and last-four digits of the credit card number.

As noted by Honan, a target's billing address is generally easy to determine by looking up a domain registration or by public white pages databases. As for discovering the last-four digits of Honan's credit card, Honan's hacker used a loophole in Amazon's security systems which don't protect the last-four digits of their user's credit card information. The hack requires a two-step phone call to Amazon. In the first call, Amazon allows you to add a second credit card to the account by simply offering the account's billing address, name and email address. Then, a second call allows you to add a second email address by verifying the previously added credit card. This second email address then has access to the account information including the last four digits of the original credit card.

Honan's intrusion seemed to be a result of a targeted effort to infiltrate his Twitter account, and a number of items had to line up just right for the hackers to gain access. The situation does reveal that the differing security processes between different providers could open up unwanted opportunities. It also seems to show that at present, a specific user's iCloud account access can be gained with those two pieces of only semi-private information.

Honan's full story about the sequence of events is an interesting read.

Popular Stories

maxresdefault

Apple Shows Off a Key Reason to Upgrade to the iPhone 17

Saturday February 7, 2026 9:26 am PST by
Apple today shared an ad that shows how the upgraded Center Stage front camera on the latest iPhones improves the process of taking a group selfie. "Watch how the new front facing camera on iPhone 17 Pro takes group selfies that automatically expand and rotate as more people come into frame," says Apple. While the ad is focused on the iPhone 17 Pro and iPhone 17 Pro Max, the regular iPhone...
Read Full Article83 comments
apple wallet drivers license feature iPhone 15 pro

Apple Says These 7 U.S. States Plan to Offer iPhone Driver's Licenses

Monday February 9, 2026 6:24 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. The feature is currently available in 13 U.S. states and Puerto Rico, and it is expected to launch in at least seven more in the future. To set up the...
Read Full Article112 comments
Apple Logo Zoomed

Apple Expected to Launch These 10+ Products Over the Coming Months

Tuesday February 10, 2026 6:33 am PST by
It has been a slow start to 2026 for Apple product launches, with only a new AirTag and a special Apple Watch band released so far. We are still waiting for MacBook Pro models with M5 Pro and M5 Max chips, the iPhone 17e, a lower-cost MacBook with an iPhone chip, long-rumored updates to the Apple TV and HomePod mini, and much more. Apple is expected to release/update the following products...
Read Full Article39 comments
14 inch MacBook Pro Keyboard

New MacBook Pros Could Now Arrive in March

Sunday February 8, 2026 6:02 am PST by
New MacBook Pro models with the M5 Pro and M5 Max chips could arrive as soon as Monday, March 2, according to Bloomberg's Mark Gurman. In today's "Power On" newsletter, Gurman said that the release of new MacBook Pro models is tied to the release of macOS Tahoe 26.3. The launch is said to be slated for as early as the week of March 2. He added that the M4 Pro and M4 Max models on sale today...
Read Full Article132 comments
m5 macbook pro deal

Why You Shouldn't Buy the Next MacBook Pro

Tuesday February 10, 2026 4:27 pm PST by
Apple is planning to launch new MacBook Pro models as soon as early March, but if you can, this is one generation you should skip because there's something much better in the works. We're waiting on 14-inch and 16-inch MacBook Pro models with M5 Pro and M5 Max chips, with few changes other than the processor upgrade. There won't be any tweaks to the design or the display, but later this...
Read Full Article194 comments

Top Rated Comments

faroZ06 Avatar
faroZ06
176 months ago
Who cares.. Is it a 'rumor' that someone's iCloud account got hacked or is it a fact? It's a FACT. This site is for RUMORS.

You must be constantly angered by MacRumors then.
Score: 35 Votes (Like | Disagree)
brentsg Avatar
brentsg
176 months ago
This happens with a ton of Xbox Live accounts too. Microsoft doesn't seem to care. Also, since it's Microsoft and not Apple, the media doesn't care either.
Score: 15 Votes (Like | Disagree)
nagromme Avatar
nagromme
176 months ago
Big, scary, simple failures here on the parts of Apple (using the credit card number as ID), Amazon (giving out that number!) and Google (giving out your alternate email address to strangers).

If I had to name 3 companies (that I actually use) which I trust the most to keep things secure, it would have been those 3... before today! (I know Google tracks me, but I’m surprised at this kind of lapse.)

I’m sure I’m not alone today in turning off Find My iPhone/iPad/Mac for the time being. And it’s probably smart to use different credit cards with different services, even if it means more bills to manage monthly. I do already use different (and hard to guess) passwords, and I back up in multiple ways including locally. Very important.

Something NEW is needed to make security usable AND effective for all of us, and incident this shines a light on the problems. What’s scary is, I doubt we'll see the changes (across MANY more companies than these 3) happening fast enough.

P.S. I hope the hackers spend some serious jail time after wiping out the guy’s family photos :mad:
Score: 12 Votes (Like | Disagree)
heov Avatar
heov
176 months ago
Solution: apple needs better security. more than last 4 digits of CC and billing address should be required.
Score: 10 Votes (Like | Disagree)
Repo Avatar
Repo
176 months ago
Who cares.. Is it a 'rumor' that someone's iCloud account got hacked or is it a fact? It's a FACT. This site is for RUMORS.

Really?
Score: 9 Votes (Like | Disagree)
Mengele Avatar
Mengele
176 months ago
A blogger is not a reporter!
Score: 8 Votes (Like | Disagree)
Read All Comments