Current Wired journalist and previous Gizmodo employee, Mat Honan had a rough night a few days ago. Not only was his iCloud account hacked, but this in-turn led to his Twitter account, followed by Gizmodo’s Twitter account. The hacker then used Gizmodo’s Twitter, with nearly half a million followers, to tweet racist messages. This was possible because Honan’s Twitter profiles was attached to his iCloud email, and doing a simple Twitter reset allowed “Clan Vv3,” the group the hacker belongs to, to gain control of both accounts.
But wait, it gets even worse. The hacker then used Find my iPhone to remotely wipe Honan’s iPhone, iPad and Mac computer. Not even his Gmail account was left standing. Currently Honan is working with both Apple and Google to recover some of his lost data.
As I am sure you are already thinking, this is a pretty big ordeal to go through, but how was it possible? Well, all it took was some clever social engineering on the hacker’s side. Originally it was predicted by Honan that the hacker guessed his old seven character password by brute force. Now however, it looks like the situation is actually Apple’s fault, as the hacker used some clever social engineering to exploit AppleCare support staff.
I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my Macbook and is trying to recover the data. I’m back in all my accounts that I know I was locked out of. Still trying to figure out where else they were.
This is pretty scary to think that if it was that easy to gain access to Honan’s iCloud account, it could happen to any Apple customer who uses iCloud. Just like with Honan’s case, someone could literally destroy all your non-backed up digital data within minutes.
Apple was not available for comment, and will probably not release an official statement on the matter. As such, at this time there is not much you can do to protect yourself from being effected by this social engineering exploit, besides disabling iCloud on your Apple devices. I wouldn’t be very worried however, I have a feeling most of you aren’t as high of a target as Mat Honan.
Are you worried by this? Share your responses and further thoughts in the comments section.