Apple Granted Hacker Access To A Reporter’s iCloud Account

Well, this is truly shocking. On Friday, Mat Honan, a writer for Wired, had his iCloud account hacked. This resulted in a number of emails and social networking accounts of his also being hacked.

Once Honan was re-granted access to his iCloud account, he was able to trace back the hacker’s steps through password reset emails. Keep reading on below for Honan’s story and the damage that was achieved:

At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere.

The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.

At 5:00 PM, they remote wiped my iPhone
At 5:01 PM, they remote wiped my iPad
At 5:05, they remote wiped my MacBook Air.

A few minutes after that, they took over my Twitter. Because, a long time ago, I had linked my Twitter to Gizmodo’s they were then able to gain entry to that as well.

At first, Honan was dazed with how the hacker may have gained access to his iCloud account. Later on though, Apple and the hacker confirmed Apple support provided the password after being persuaded Honan was on the phone.

It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions.

After reading what happened to Honan, it makes me realize Apple’s security isn’t as tight as it should be. What are your thoughts on what happened to Honan?

[via Forbes]

Founder and Editor-in-Chief of iPhoneinCanada.ca. Follow me on Twitter, and @iPhoneinCanada, and on Google+.

  • lulz

    His password was probably honan123123

  • http://twitter.com/RSto95 Ryan St Onge

    Haha. Even if it was it wouldn’t of made a difference, Apple support reset the password for the hacker.

  • cUn1t

    I wouldn’t give Apple the full blame on this one. The hacker just outsmarted a third party call centre employee. I have friends that work Apple tech support here in Charlottetown at a call centre. My friends get paid min wage and hate their jobs. It would be easy to social engineer someone that doesn’t care about their job.

  • Frankie

    If its a human answering the phone, he can be manipulated to do anything within his duties. It’s not Apple’s fault, but textbook human judgement error. No worse than authorizing and pushing a button to kill 56 supposed enemy soldiers and later, finding out it was a wedding, 56 innocent civilians…

  • Tnuz

    Apple should have sent a temp passwd via iMessage to the iPhone. In that case the possessor of the phone would have access and not just anyone on the phone.

  • K3

    …………..
    No offence but just how accurate is this story- what if some rival company had paid to have something like this out there. Really when you have a “war chest” like Apples you’re bound to have enemies that will do anything.

  • iFone

    I don’t understand why everyone continues to expect Apple to be so perfect! News: shit happens…

  • kev

    It’s probably because Apple pretty much claims everything they make and everything they do is perfect lol

  • http://www.iphoneincanada.ca Gary

    That could also be a possibility. A setup by a former Giz writer to put Apple into the spotlight??

  • iFone

    That’s because people are stupid and believe everything they are told

  • AndrewMalcolmson

    You’re right. This is why I have 2-step authentication turned on for my Gmail account. The account can’t be accessed without a code generated by an Android or IPhone app or via text. There are backup ways to do this if you loose your phone but none of these involve calling a call centre and asking them for your password.

  • http://www.iphoneincanada.ca Gary

    2-step authentication is awesome.