
Apple 'reviewing' security after high-profile iCloud hack

Apple has promised to give its security processes a once-over after a journalist had his iCloud account hacked.

Luke Westaway Senior editor

Apple says it's 'reviewing' its security processes, after a journalist's digital life was hacked to pieces by digital ne'er-do-wells.

Tech writer Mat Honan found his iPhone and iPad suddenly dying, and his MacBook locked with a four-digit PIN that he hadn't set. Hackers also destroyed his Gmail and Twitter accounts.

In an article on Wired, Honan explains how Apple's customer support granted hackers access to his iCloud account, and therefore the ability to remotely wipe all his devices. As it turns out, to get into an iCloud account all you need is to call Apple's customer support with the email address in question, the billing address and the last four digits of a credit card on file.

Hackers obtained the billing address by doing a Whois search on Honan's personal domain, and nabbed the last four digits of his card number by calling Amazon, adding a new (fake) card to the Amazon account, then calling back and saying they'd lost access, and providing a name, billing address and the card number they'd just given.

Upon providing those details, Amazon will let you add a new email address to the account, to which you can send a password reset from the site. That lets you see the last four digits of credit cards used on the site, and gives you everything you need to access someone's iCloud account.

The part involving Amazon is a little lengthy -- the information needed to get into your iCloud account can be obtained by other means. As Honan notes, if you order pizza and pay over the phone, you've probably given the delivery bloke everything he needs to crack open your Apple account.

Apple told Wired, "In this particular case, the customer's data was compromised by a person who had acquired personal information about the customer," going on to say that "internal policies were not followed completely."

"We are reviewing all of our processes for resetting account passwords to ensure our customers' data is protected."

Honan's article makes for sober reading. Here's hoping tech companies like Apple and Amazon stop considering their security processes in isolation and think about how their anti-infiltration tools fit with other online organisations.

In the meantime, make sure your Gmail has two-step verification turned on, which makes it much harder for strangers to access your email account.

Have you ever had your accounts compromised? Do you think Apple needs to step up its security measures? Tell me in the comments or on our Facebook wall.