 | 
08-08-2012, 11:26 AM
|
#1 (permalink)
| | VN conasewer
| Journalist hacked- loses all data
No malware, no key-logging
Just thought this could serve as a cautionary tale to all those who think their data is safe. It really is that easy (no matter what OS you choose) How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab | Wired.com Quote:
At 4:33 p.m., according to Apple’s tech support records, someone called AppleCare claiming to be me. Apple says the caller reported that he couldn’t get into his .Me e-mail — which, of course was my .Me e-mail.
In response, Apple issued a temporary password. It did this despite the caller’s inability to answer security questions I had set up. And it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover.
At 4:50 p.m., a password reset confirmation arrived in my inbox. I don’t really use my .Me e-mail, and rarely check it. But even if I did, I might not have noticed the message because the hackers immediately sent it to the trash. They then were able to follow the link in that e-mail to permanently reset my AppleID password.
At 4:52 p.m., a Gmail password recovery e-mail arrived in my .Me mailbox. Two minutes later, another e-mail arrived notifying me that my Google account password had changed.
At 5:02 p.m., they reset my Twitter password.
At 5:00 they used iCloud’s “Find My” tool to remotely wipe my iPhone.
At 5:01 they remotely wiped my iPad.
At 5:05 they remotely wiped my MacBook. Around this same time, they deleted my Google account.
At 5:10, I placed the call to AppleCare.
At 5:12 the attackers posted a message to my account on Twitter taking credit for the hack.
| Quote: |
Apple tech support confirmed to me twice over the weekend that all you need to access someone’s AppleID is the associated e-mail address, a credit card number, the billing address, and the last four digits of a credit card on file.
| | 
|   | |
08-08-2012, 11:36 AM
|
#2 (permalink)
| | Wave yo hands in the aiya
| ouch | |
| | |
08-08-2012, 11:46 AM
|
#3 (permalink)
| | Eternal Vol
Join Date: Nov 2008  Location: Deep Woods and Swamps of West Tn
Posts: 17,536
Likes: 7,709
| I thought APPLE was above this sort of behavior?
__________________
Slowly Regaining Hope | |
| | |
08-08-2012, 12:04 PM
|
#4 (permalink)
| | VN conasewer
| Quote:
Originally Posted by CountVolcula  I thought APPLE was above this sort of behavior? | while some was his fault, this is more about the links between different services. There was no real "hacking" involved | |
| | |
08-08-2012, 12:14 PM
|
#5 (permalink)
| | This We'll Defend
Join Date: Mar 2010 Location: Columbia, SC
Posts: 47,259
Likes: 5,000
| Damn. | |
| | |
08-08-2012, 04:31 PM
|
#6 (permalink)
| | Senior Member
| Social engineering is probably the hardest hack to stop. He should be suing Apple over their blatant disregard of security. | 
| VN Likes: 1 | |
08-09-2012, 11:27 AM
|
#7 (permalink)
| | No, you need to back up!
Join Date: Jul 2009 Location: Southern Maryland
Posts: 1,097
Likes: 275
| Just turned on 2-step verification in my GMail. I would probably be angry enough to kill if someone erased my macbook. I've got irreplacable photos and videos of my 10-month old. | |
| | |
08-09-2012, 11:31 AM
|
#8 (permalink)
| | VN conasewer
| Quote:
Originally Posted by PotS Just turned on 2-step verification in my GMail. I would probably be angry enough to kill if someone erased my macbook. I've got irreplacable photos and videos of my 10-month old. | mine are backed up a couple of places and also to an external drive. It would crush my wife to ever lose those | |
| | 
Posting Rules
| You may not post new threads You may not post replies You may not post attachments You may not edit your posts
HTML code is Off
| | | |
 | |
Forums |
