iCloud hack shows the serious problem with living la vida Apple
Apple let a hacker erase one man's iPhone, iPad, MacBook, and online storage. Here are a few ways to avoid such a fate.
Subscribe Today to the Monitor
You run to your laptop, and catch it erasing all its own data. You get online, but both of your email addresses have been hijacked, your online storage has been emptied, and someone else is using your Twitter account.
This nightmare scenario happened in real life Friday afternoon for Mat Honan, a technology journalist based in San Francisco.
Someone took over Honan's Apple account, which let him remotely wipe Honan's iPhone, iPad, and MacBook, then leverage that power to take over Honan's Google and Twitter accounts as well, plus the Twitter account of Gizmodo, the tech blog Honan sometimes writes for.
Yet Honan's enemy wasn't an elite hacker who used advanced techniques to crack Honan's password. Instead, the attacker simply placed a call to Apple tech support and convinced Apple to give him control of Honan's Apple account.
Tale of the tape
"At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash," Honan wrote on his Tumblr account, which was spared. "At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.
"At 5:00 PM, they remote wiped my iPhone. At 5:01 PM, they remote wiped my iPad. At 5:05, they remote wiped my MacBook Air. A few minutes after that, they took over my Twitter." (Honan posted a screen grab of the notifications his Gmail account received.)
The attacker, identifying himself as part of a hacker group calling itself "Clan Vv3," used Honan's Twitter account, "@mat," to post, "@gizmodo Tell this dumbass employee mat he's an idiot for using insecure email services, having a 3-letter Twitter, and having access to [Gizmodo]."
Then he or she took over Gizmodo's Twitter account and posted offensive messages for about 15 minutes.
Clan Vv3 has been hijacking the Twitter accounts of minor celebrities for several months, for example one belonging to comedian and TV star Whitney Cummings in June.