Journalist blames Apple tech for allowing iCloud hack
Former Gizmodo reporter says device wipes and Twitter breaches occurred after an AppleCare technician fell victim to a bit of social engineering.
Former Gizmodo reporter Mat Honan is blaming an AppleCare technician for allowing his personal e-mail and Twitter accounts to be hacked, as well as the tech blog's official feed.
The Gizmodo breach, apparently perpetrated by a person or group of people calling themselves Clan W3, was brief but resulted in racist and offensive tweets being sent to the tech blog's 415,000 followers on Friday. Gizmodo initially blamed its former reporter for the tweets and quickly regained control of its account.
But Honan, who currently works for Wired, was not so fortunate. He described in a blog post how he had learned his iCloud account had been breached by a hacker who wiped his devices and gained access to his Gmail and Twitter accounts. Now he says an Apple technician fell victim to social engineering, a technique of manipulating people instead of computers to perform a task or divulge information:
I know how it was done now. Confirmed with both the hacker and Apple. It wasn't password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my Macbook and is trying to recover the data. I'm back in all my accounts that I know I was locked out of. Still trying to figure out where else they were.
Honan says the hacks occurred Friday evening when someone gained access to his iCloud account and reset his password. That led to the remote wipe of his iPhone, iPad, and MacBook Air and hijack of the Twitter accounts. The blog also describes the challenges he faced in regaining control of his devices and accounts.
He said he initially suspected the hacker used brute force to learn his seven-digit alphanumeric password, but Honan said in a blog update that someone claiming to be the hacker contacted him, saying he "didnt guess ur password or use bruteforce. i have my own guide on how to secure emails."
CNET has contacted Apple for comment and will update this report when we learn more.