Truth behind Apple iCloud being hacked
I’m sure most know that when they store their personal stuff on the cloud there is always a risk of being hacked, and this is why a user must use a complicated password to protect their gear on the cloud. However there are times when even a strong password simply isn’t enough, especially if your password is handed to the hackers.
According to an article over in iDownload Blog, this is the truth behind Apple’s iCloud being hacked, not because hackers actually hacked into accounts but because Apple handed those hackers iCloud passwords.
Apparently former Gizmodo writer Mat Honan found that over the weekend hackers had gained access to his iCloud account and wiped his iPhone, Apple iPad and Mac.
Honan says he used a seven digit alphanumeric that wasn’t used anywhere else, and set it up some years ago, and it seemed pretty safe, but it turns out it isn’t, and at 4.50pm someone gained access to his iCloud account and reset the password and sent the confirmation message about the reset to the trash.
Then at 4.52 they sent a Gmail password recovery email to the .mac account, which was the backup email address on his Gmail account , and 2-minutes after he received an email that his Gmail Account password had been changed. Then at 5pm his iPhone was wiped, followed by his Apple iPad, and then his MacBook Air, after which they also took over his Twitter account.
The result of which Honan lost over a years worth of docs, emails and pictures, which Apple says isn’t recoverable without serious forensics. Honan has said he knows how it was done, and has had it confirmed by both Apple and the hacker.
Apparently the hacker gained access through Apple tech support, along with a little social engineering that enabled them to bypass security questions.
Thus it would appear as long as a hacker can convince Apple they are the person that owns the account, a hacker can get into your account without too much difficulty, and although Honan is somewhat more public than most, this attack does highlight a real weakness in Apple’s security.
The guys say they expect Apple to release a statement at some point so they can assure iCloud users that this sort of thing wont happen again.
So there you go, if any of our readers have their personal stuff stored on iCloud, feel free to let us know if you have experienced any attack and lost any stuff by dropping us a line to our comments area below.
Comments
3 thoughts on “Truth behind Apple iCloud being hacked”
I am sorry for
him it was a hard lesson learned. I have two-step authentication on my email
and I like the extra security it offers.
You just telesign into your account and it’s good to go. I’m hoping that
more companies start to offer this awesome functionality. In reality this
should be a prerequisite to any system that wants to promote itself as being
secure. I feel suspicious when I am not asked to telesign into my account by
way of 2FA, it just feels as if they are not offering me enough protection.
Any, and I do mean ANY, “alphanumeric” password can be hacked fairly quickly, regardless of the encription scheme. If you use standard letters and numbers for your password, you are asking for trouble. If you wish to “secure” your password, which only means that you make it difficult (or, in some cases, impossible) for little John Doe to gain access to your password with a simple alphanumeric algorithm, then incorporate the use of spaces and special ASCII characters (_, %, *, (), {},[], ^, etc…) in yur passwords. Many… indeed MOST of these special characters are very difficult to “search” randomnly, even with today’s technology. If you want it “foolproof” or “guaranteed unhackable”, use this method and change your passwords weekly (actually daily, but weekly is more realistic).
LMAO, Apple defense force is out in full force. Apple is no more secure or safe from viruses than PC’s. Once a virus is made for a Macs all of you that ran out and bought one will not know what to do. The more popular macs get the more viruses you will see.