Tuesday, August 07, 2012

MacNN | Apple responds to Honan iCloud hacking incident:

Apple has issued an official response to reports about Wired writer Mat Honan having his iCloud account broken into via AppleCare. "Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password," the company tells Wired. "In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected."

Wired adds, though, that on Monday it successfully tried the same scheme on a different iCloud account. "This means, ultimately, all you need in addition to someone’s e-mail address are those two easily acquired pieces of information: a billing address and the last four digits of a credit card on file," the magazine explains. The person who cracked Honan's account did so by simply calling AppleCare and convincing a staffer to bypass security questions and ultimately reset Honan's iCloud login. Honan notes that the hacker destroyed a tremendous amount of his digital existence, although he takes some of the blame. "First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.