• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Hackers Reset Former Gizmodo Writer's iCloud Password Via Apple Tech Support


    Friday’s Gizmodo breach by a group called Clan W3 is now being blamed on Apple’s iCloud and Apple tech support.

    The breach affected former Gizmodo writer Matt Honan’s personal computers and social media accounts, which included access to Gizmodo’s official Twitter account. The hackers were able to access Honan’s iCloud account through some old-fashioned tech support manipulation.

    Originally Posted by :
    “I know how it was done now. Confirmed with both the hacker and Apple. It wasn't password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my Macbook and is trying to recover the data. I'm back in all my accounts that I know I was locked out of. Still trying to figure out where else they were.” — Honan
    The hackers were apparently able to reset Honan’s password with their “social engineering” and access Honan’s iCloud account. The group then proceeded to wipe Honan’s iPhone, iPad, and MacBook Air. Honan first noticed something was amiss when his phone restarted while playing with his daughter. Honan attempted to connect his phone to his laptop when he noticed his Gmail account wasn’t syncing with Calendar. Honan checked his iPad, and it too was wiped clean.

    Moral of the story? Better security questions, better passwords, and less oblivious tech support.

    Source: Matt Honan's Tumblr [CNET]
    This article was originally published in forum thread: Hackers Reset Former Gizmodo Writer's iCloud Password Via Apple Tech Support started by Phillip Swanson View original post
    Comments 41 Comments
    1. Gamemaster77's Avatar
      Gamemaster77 -
      Quote Originally Posted by szr View Post
      You have no problem with social engineering? That is, "obtaining information by manipulating and/or deceiving people", as it's defined as, which is exactly what the article was about. Do you really think you should be treating the ability of acquiring someone's account information by lying to a tech support agent so lightly?
      I have no problem with social engineering if the intent and effect is simply to gain knowledge.