Apple Stops Resetting Passwords Over The Phone In Aftermath Of Mat Honan’s Compromised Account
If you haven’t already heard the news, a Wired reporter lost control of his Twitter account, along with the information (and irreplaceable baby pictures) stored on his MacBook, iPhone and iPad. The identity thieves who broke into his account exploited customer service policies at both Apple and Amazon. All they needed to gain control of Mat Honan’s AppleID was his email address and the last four digits of his credit card. Although they could have done a lot more harm to Honan, since they had control of his online shopping account, they just wanted his Twitter handle because they liked the user name.
In response to these attacks, Apple has disabled their system for resetting AppleID passwords over the phone. Prior to this, Wired attempted to replicate the attack, but was blocked by Apple’s staff with a request for the serial number of a device linked to the account. Officially the new freeze in password resets was said to be due to ‘maintenance updates,’ but an ‘Apple worker with knowledge of the situation’ told Wired that the freeze would last for at least 24 hours while Apple reviews their security policies.
What I’ve noticed about this case is that a lot of commenters, including Wired’s staff, have taken to calling this practice in social engineering and fraud ‘hacking.’ This strikes me as odd, because all the ‘hackers’ did was Google information on Mat Honan so they could lie to tech support. With the same use of language, someone could knock on the Honan family door with Girl Scout cookies and ‘hack’ their way into their house.
I’m also uncomfortable with the expansion of the term ‘hacker’ to cover all ne’er-do-wells on the internet, especially as a writer for iJailbreak. Cleverly bypassing Apple’s software to enable new uses for my phone (the jailbreaks that make this site possible) seems like the opposite of calling tech support with Googled information. After all, lying to people was possible long before computers.
Are all hackers con men and all con men hackers, or should there be a distinction between the two (sometimes overlapping) groups? Share your thoughts in the comments section below.