Amazon and Apple change their security policies after hackers tricked their support staff into helping them break into a journalist's online accounts.
You may have heard the disturbing story of how a few unscrupulous hackers attacked a technology writer over the weekend after getting access to his Apple iCloud account.
Apple and Amazon are taking steps to change some of their security policies after it came to light that hackers tricked staff members into helping them change the passwords of Gizmodo journalist Mat Honan's online accounts.
Mat Honan of Wired magazine has now posted a detailed account of exactly what happened, from the moment he noticed his iPhone powering down on Friday at 5pm, to rebooting it to the setup screen, to when he tried logging into iCloud to restore the phone and couldn’t, to when his laptop suddenly asked him for a four-digit PIN, which he knew he didn’t have.
"We’ve temporarily suspended the ability to reset AppleID passwords over the phone," Apple spokesperson Natalie Kerris told eWEEK.
"We’re asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com). This system can reset a password in one of two ways: either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up."
"When we resume over the phone password resets, customers will be required to provide even stronger identity verification to reset their password," she added.
According to Honan, who was able to get in contact with a hacker who goes by the name of "Phobia" and was at the center of the scheme, the ultimate goal was to seize control of his Twitter account.
To do that, the hackers looked up his Twitter profile and found that it linked to his personal website, which had his Gmail address.
Once there, Phobia entered Honan’s Gmail address and was able to view the alternate email Honan set up for password recovery.
Though the email was partially obscured, the hackers were able to guess it, and when they saw it was a .us account the hackers knew Honan had an AppleID.
In order to get access to his AppleID, Phobia and his partner needed the last four digits of Honan’s credit card and billing address.
The billing address was discovered with a whois search of Honan’s web domain.
To get the last four digits of the card, Phobia’s partner called Amazon’s support line pretending to be Honan and added a fake credit card number to the account.
After they gave the fake credit card number as well as a name and billing address, Amazon allowed them to add a new email address to the account.
From there, they sent a password reset to the new email and could see the last four digits of all the credit card numbers on file for the account, Honan explained in the article.
With those last four digits, and his name and address, the hackers were able to get Apple to reset the account login.
"We shouldn't have used the same e-mail prefix across multiple accounts, , and ," Honan wrote.
Victor Arrington is a business journalist based in Orange, California. Victor has a passion for financial markets and breaking news stories and loves writing about business news, the stock market, and economic opinions that matter most to his audience. Victor spends a lot of time discovering and researching the latest financial markets and industry news stories in order to make sure the latest and greatest stories are brought to you first on BigBoardNews.com.

