Apple Support Gives Hacker Access to Blogger's iCloud

Status
Not open for further replies.
[citation][nom]ericburnby[/nom]LOL at the idiots yapping without knowing the full story. Now the truth has come out, and here's how they got access: The hackers got his Gmail from his personal website. They also did a WHOIS to get his billing address. They went to the password reset page at Google and didn't even need to reset - they saw the e-mail for his alternate contact (some letters blocked out, but they were able to guess those) and since it was an @me account it verified he had an Apple ID. They contacted Amazon with his billing address and e-mail and added a new credit card number to his account. Not sure why Amazon would let you add a new CC number without fully verifying the caller, but they did. They then called back Amazon for a password reset. Now get this: They called back Amazon to change their e-mail/reset their password. One of the pieces of ID they used was the credit card THEY JUST PROVIDED. They then reset the password and logged into his Amazon account. Looked at the credit cards on file (which shows the last 4 of the number). With all this information they called Apple, provided the e-mail, billing address and last 4 digits of his credit card. Apple then let them reset the account. So after hacking into Amazon first they were then able to fill in the pieces to fool an Apple tech support person to reset their password/account. So much for all you idiots going on about how insecure Apple is when it was Amazon's security issues that gave them the info they needed.[/citation]

Actually my last post was ericburnby not Wattsbo.
 
iCloud contains features like Find My Mac, Find My iPhone and Find My iPad. From those applications, a user can remotely wipe their devices, they can set a PIN to lock people out, or use Google Earth to pinpoint the device's location. As for the advisor who gave Honan's password to the hacker, I wouldn't be surprised if he or she is fired.
 
[citation][nom]ericburnby[/nom]LOL at the idiots yapping without knowing the full story. Now the truth has come out, and here's how they got access: The hackers got his Gmail from his personal website. They also did a WHOIS to get his billing address. They went to the password reset page at Google and didn't even need to reset - they saw the e-mail for his alternate contact (some letters blocked out, but they were able to guess those) and since it was an @me account it verified he had an Apple ID. They contacted Amazon with his billing address and e-mail and added a new credit card number to his account. Not sure why Amazon would let you add a new CC number without fully verifying the caller, but they did. They then called back Amazon for a password reset. Now get this: They called back Amazon to change their e-mail/reset their password. One of the pieces of ID they used was the credit card THEY JUST PROVIDED. They then reset the password and logged into his Amazon account. Looked at the credit cards on file (which shows the last 4 of the number). With all this information they called Apple, provided the e-mail, billing address and last 4 digits of his credit card. Apple then let them reset the account. So after hacking into Amazon first they were then able to fill in the pieces to fool an Apple tech support person to reset their password/account. So much for all you idiots going on about how insecure Apple is when it was Amazon's security issues that gave them the info they needed.[/citation]
Just because the hacker used information from Amazon doesn't mean Apple is free of blame. Like Honan himself said, "If you have an AppleID, every time you call Pizza Hut, you’re giving the 16-year-old on the other end of the line all he needs to take over your entire digital life." Both these companies need to change their process of determining if we are who we say we are. The billing address and last four digits of the credit card simply aren't enough. He also expressed fear that his banking account could be hacked. I don't know how banks work in America, but in my country, every single online banking service is obligated to have a two step verification.
 
[citation][nom]v90k[/nom]Really? Show me the link, because without proof your post means nothing.[/citation]
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
 
Seems the author of this story does not have all the facts: it was a huge security hole in Amazon that led to the hacking of the iCloud account. Sure, the Apple tech support should have asked for security questions, but also, for the part about wiping his devices, during setup it asks for a code; he must have skipped it, so the fault lies in Amazon, Gmail, Apple and the user.
This is called a multi-vector attack: getting bits of information from each place to piece enough data together for the hack.
So it's really a bad idea to keep passwords and personal information sitting in your e-mail or Facebook accounts; always use different passwords and security questions for each service you use.
This can happen with PCs as well, minus the security data wipe part. I see it all the time in my shop: PC users that have all their passwords on the desktop, either in txt files or sticky note widgets, get hacked via keylogger/screen grabber or phishing.
 
[citation][nom]Vladislaus[/nom]Just because the hacker used information from Amazon doesn't mean Apple is free of blame. Like Honan himself said, "If you have an AppleID, every time you call Pizza Hut, you’re giving the 16-year-old on the other end of the line all he needs to take over your entire digital life." Both these companies need to change their process of determining if we are who we say we are. The billing address and last four digits of the credit card simply aren't enough. He also expressed fear that his banking account could be hacked. I don't know how banks work in America, but in my country, every single online banking service is obligated to have a two step verification.[/citation]

How would ordering from Pizza Hut give everything they need to know? I don't use my primary credit cards for online ordering, restaurants or gas stations (the worst places to get information stolen), and I don't use my primary e-mail for ordering either.

This guy was an idiot for using the same credit card and e-mail everywhere online, so that once one was broken the rest fell like dominoes.

Yes, they could implement stricter security, but would it really improve things? When I look at everything I do online I realized nothing these "hackers" did could be used against me. However, I could see "dumb" people falling for this.
 
[citation][nom]ericburnby[/nom]How would ordering from Pizza Hut give everything they need to know? I don't use my primary credit cards for online ordering, restaurants or gas stations (the worst places to get information stolen), and I don't use my primary e-mail for ordering either. This guy was an idiot for using the same credit card and e-mail everywhere online, so that once one was broken the rest fell like dominoes. Yes, they could implement stricter security, but would it really improve things? When I look at everything I do online I realized nothing these "hackers" did could be used against me. However, I could see "dumb" people falling for this.[/citation]
So you're saying that in order to use Apple products safely I need to have a credit card and address just for them. Not every country has the American mentality of having tons of credit cards. I, for example, only have one that I basically don't use. I always use virtual cards.

Also, just because Honan made the hacker's job easier doesn't mean that both Apple and Amazon are free of blame. I'm sorry, but saying that an address and the last four digits of my credit card is enough to identify anyone is stupid, to say the least. If banks had this kind of safety most people would have their accounts cleaned.
 
"Oh I got an Apple because they don't get viruses and are very secure"
Apple, you lost the only thing that you had over Windows at all, besides macbots.
 