This is the exact same information hackers supplied Apple with on Friday to get a temporary password that gave them access to Honan's iCloud account.
In a chain of events that Honan would unravel in the following days, hackers took advantage of security holes at Amazon and Apple to gain access to his iCloud account.
Apple customer service then gave the hackers a temporary password into Honan's Apple ID, which the hackers used to wipe his iPhone, iPad and MacBook, and gain access to a number of email accounts as well as his Twitter account.
During the mayhem the hackers also discovered that Honan had linked the Gizmodo Twitter account to his own, so in addition to Honan’s 15,000 followers, the hackers were able to tweet to @gizmodo’s 400,000+ followers.
Once they were in his Gmail, the hackers could reset passwords for all the key accounts that used Gmail, including Twitter accounts.
Apple needs to offer two-factor authentication for its services, and it needs to close a gaping hole in its password recovery process.
Most people’s physical address is pretty easily obtained via creative Googling, and Honan’s hackers were able to obtain the last four digits of his credit card number from Amazon.
Us account: a billing address and the last four digits of our credit card.
Instead, allegedly, a hacker called Apple tech support and bluffed his way into Honan’s account.
Through a series of simple social hacks of Amazon’s account maintenance — no more complex than a few phone calls and a fake but properly formatted credit card number — it’s possible to expose the last four digits of all the credit card numbers on an Amazon user account.
According to Honan’s account on Wired, hackers simply called Apple and — get this — gave his name, address and the last four digits of the credit card he had on file.
Amazon closed a privacy hole on Monday that previously allowed hackers access to Amazon accounts over the phone using just a name, email address and mailing address, three pieces of information easily found for many on the web.
While Honan managed to recover his account, data, including photos of his kids saved in his notebook, which was wiped using Apple’s Find My Mac remote wipe feature, are likely irretrievably gone.
The remote wipe option is a security service offered by Apple as part of its Find My Mac/iPhone/iPad feature.
The company no longer supports changing account settings via a phone call.
The rep said we should try calling back after about 24 hours, and directed us to iforgot.apple.com to change Apple ID passwords ourselves on the web instead.
The hackers seem to have succeeded in their aim, which was “to publicize security exploits, so companies will fix them”.
They generally serve as a meeting place for system and network administrators, hackers, and computer security experts.
Meghan Johns is a business journalist based in San Francisco, California. Meghan has a passion for financial markets and breaking news stories and loves writing about the business news, stock market, and economic opinions that matter most to the audience. Meghan spends a lot of time discovering and researching the latest financial markets and industry news stories in order to make sure the latest and greatest stories are brought to you first on BigBoardNews.com.