Skip to: Content
Skip to: Site Navigation
Skip to: Search


iCloud hack shows the serious problem with living la vida Apple

Apple let a hacker erase one man's iPhone, iPad, MacBook, and online storage. Here are a few ways to avoid such a fate.

By Paul WagenseilSecurityNewsDaily / August 7, 2012

Apple let a hacker erase one man's online existence.

SecurityNewsDaily

Enlarge

Imagine you're playing with your young daughter when suddenly your iPhone goes blank. You check your iPad, but it's been wiped clean too.

Skip to next paragraph

You run to your laptop, and catch it erasing all its own data. You get online, but both of your email addresses have been hijacked, your online storage has been emptied, and someone else is using your Twitter account.

This nightmare scenario happened in real life Friday afternoon for Mat Honan, a technology journalist based in San Francisco.

Someone took over Honan's Apple account, which let him remotely wipe Honan's iPhone, iPad, and MacBook, then leverage that power to take over Honan's Google and Twitter accounts as well, plus the Twitter account of Gizmodo, the tech blog Honan sometimes writes for.

Yet Honan's enemy wasn't an elite hacker who used advanced techniques to crack Honan's password. Instead, the attacker simply placed a call to Apple tech support and convinced Apple to give him control of Honan's Apple account.

Tale of the tape

"At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash," Honan wrote on his Tumblr account, which was spared. "At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.

"At 5:00 PM, they remote wiped my iPhone. At 5:01 PM, they remote wiped my iPad. At 5:05, they remote wiped my MacBook Air. A few minutes after that, they took over my Twitter." (Honan posted a screen grab of the notifications his Gmail account received.)

The attacker, identifying himself as part of a hacker group calling itself "Clan Vv3," used Honan's Twitter account, "@mat," to post, "@gizmodo Tell this dumbass employee mat he's an idiot for using insecure email services, having a 3-letter Twitter, and having access to [Gizmodo]."

Then he or she took over Gizmodo's Twitter account and posted offensive messages for about 15 minutes.

Clan Vv3 has been hijacking the Twitter accounts of minor celebrities for several months, for example one belonging to comedian and TV star Whitney Cummings in June.

Read Comments

View reader comments | Comment on this story

  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer

 

Doing Good

 

What happens when ordinary people decide to pay it forward? Extraordinary change...

Danny Bent poses at the starting line of the Boston Marathon in Hopkinton, Mass.

After the Boston Marathon bombings, Danny Bent took on a cross-country challenge

The athlete-adventurer co-founded a relay run called One Run for Boston that started in Los Angeles and ended at the marathon finish line to raise funds for victims.

 
 
Become a fan! Follow us! Google+ YouTube See our feeds!