Apple Support Allowed Hackers Access To User's iCloud Account

Posted by samzenpus
from the let-me-in dept.
Robadob writes "Yesterday a hacker gained access to Mat Honan's (an editor at Gizmodo) Apple iCloud account, allowing the attacker to reset his iPhone, iPad, and MacBook. The attacker was also able to gain access to Google and Twitter accounts by sending password recovery emails. At the time this was believed to be down to a brute-force attack; however, today it has come out that the hacker used social engineering to convince Apple customer support to allow him to bypass the security questions on the account."

  • by 93 Escort Wagon (326346) on Sunday August 05, 2012 @04:05PM (#40888441)

    Because if you RTFA, Apple confirmed that this occurred. Probably via the notes in the call log.

    I did RTFA. Everything we're currently aware of comes from this guy's point of view. I'm not saying it's incorrect - but it's usually smart to wait for corroboration before drawing conclusions on anything.

  • by cshbell (931989) on Sunday August 05, 2012 @08:51PM (#40890291)

    (an editor at Gizmodo)

    And furthermore, Mat Honan works for Wired, not Gizmodo [twitter.com].

  • by cshbell (931989) on Sunday August 05, 2012 @09:06PM (#40890373)

    But understand that it will cause massive unhappiness for the majority of cases where (for example) one's 75 year-old grandmother, who has forgotten her password and can't figure out how she phrased the answer to the security question, is about to permanently lose access to the last 5 years of her grand-children's emails.

    This is a problem that bites both ends. Consider this real-world scenario that happened to me last week:

    I work for a senior care organization. One of our residents, a cheerful 92-year-old woman, uses her AT&T email frequently to communicate with family and friends; she's fairly savvy, actually. However, she is starting to suffer from cognitive problems, which have caused her to forget her password. When we tried to reset her password and walked through security questions, she's also having trouble remembering the answers to those questions. We called AT&T and explained the situation, but they understandably (and rightfully) treated our request as a hostile attempt to access the account and would not help us.

    She's the legitimate owner of her account -- how can she be helped? This may seem like an extreme situation, but these problems will only increase as we all continue our digital lives and begin to age.

    Password and account verification is a difficult problem to solve. If there's a silver bullet, I haven't heard of it yet.

  • by west (39918) on Sunday August 05, 2012 @11:27PM (#40891083)

    Funny, I just read a story about how HSBC had basically locked a young woman's college fund (~$10K) away until she personally visits their offices in Great Britain along with appropriate documentation. (They closed the branches in her country...) It will cost her half the money (and a week's wages) to go and collect it.

    So, not *everybody* is happy with a bank making absolutely sure that they don't give it to the wrong people :-).
