Published on the 09/08/2012 | Written by Newsdesk
A simple social engineering-based hack has seen Apple suspend password changes over the phone as internet journalist’s online information, as well as iPhone, iPad, and MacBook content, is erased…
Last week, Mat Honan, columnist for popular tech-site Wired.com’s “entire digital life was destroyed” by hackers who accessed then deleted the writer’s Google account, then took over his Twitter account and finally accessed his AppleID, remotely erasing all of the data on his iPhone, iPad, and MacBook.
According to Honan, the hackers managed their initial entry by obtaining the last four numbers of his credit card number after accessing his Amazon account, then used that number to convince Apple personal, over the phone, that they were Honan.
“In many ways, this was all my fault,” Honan wrote.
“My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.”
Apple has responded to the very public breach by freezing over-the-phone password resets until a more robust system can be put in place.
“We’ve temporarily suspended the ability to reset Apple ID passwords over the phone,” said Natalie Kerris, a spokeswoman for Cupertino, California-based Apple. “We’re asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com).
“This system can reset a password in one of two ways – either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up.”
“When we resume over-the-phone password resets, customers will be required to provide even stronger identify verification to reset their password.”
Amazon is reportedly beefing up its security measures as well.
The breach comes hot on the heels of a statement from Apple co-founder Steve Wozniak that increasing dependence on the cloud is setting up users for “horrible problems”.
Speaking to an audience after a recent performance of the one-man-show “The Agony and the Ecstasy of Steve Jobs”, Wozniak said that users don’t understand the full ramifications of using third-party providers to store their content.
“I really worry about everything going to the cloud,” he told the audience. “I think it’s going to be horrendous. I think there are going to be a lot of horrible problems in the next five years.”
“With the cloud, you don’t own anything,” he said. “You already signed it away.”
“I want to feel that I own things,” Wozniak said. “A lot of people feel, ‘Oh, everything is really on my computer,’ but I say the more we transfer everything onto the web, onto the cloud, the less we’re going to have control over it”.
