
Apple responds to journalist's iCloud hack

After a reporter said account breaches occurred when an AppleCare technician fell prey to social engineering, the tech giant says, "our own internal policies were not followed completely."

Dara Kerr Former senior reporter
Dara Kerr was a senior reporter for CNET covering the on-demand economy and tech culture. She grew up in Colorado, went to school in New York City and can never remember how to pronounce gif.

After former Gizmodo reporter Mat Honan's entire digital presence was hacked via a loophole in AppleCare, Apple now says it is looking into how users can reset their account passwords to ensure that their data is protected.

It all began when Honan took to his Tumblr blog on Friday, detailing the events that led to his online life being sabotaged -- with his Google and Twitter accounts being deleted and his MacBook, iPad, and iPhone being wiped clean. He blamed an AppleCare technician for allowing his accounts, as well as the tech blog's official feed, to be hacked.

After deliberating on his blog over the ways it could have happened, Honan heard back from Apple.

"Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password," Apple spokesperson Natalie Kerris told Wired, where Honan now works. "In this particular case, the customer's data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers' data is protected."

Honan wrote a long story for Wired today analyzing exactly what the hackers must have done to gain access to his accounts and wipe his devices clean of their data. And he came to this conclusion: "Ultimately, all you need in addition to someone's e-mail address are those two easily acquired pieces of information: a billing address and the last four digits of a credit card on file," he wrote.

This is what led to the dilemma with the AppleCare technician falling prey to the hacker's shenanigans. "And so, with my name, address, and the last four digits of my credit card number in hand, Phobia [the hacker] called AppleCare, and my digital life was laid waste," he wrote.

The moral of the story, according to Honan, is to back up everything stored digitally and be extremely careful with your Apple ID.