Mat Honan explains how errors at Apple and Amazon led to his iCloud hack. The former Gizmodo blogger, who was hacked this past weekend, has written an extensive article for Wired. In it he explains how he became the victim of a personal hack in which he lost not only his Twitter account but also access to his Gmail account and key backups. Mat drew the attention of the hackers because of his short Twitter name, @mat. The hackers then needed only a few pieces of data, all of which were easy to find: the email address Honan used as his Apple ID, his billing address and the last four digits of his credit card. Sloppy security at Apple and Amazon did the rest.
The hackers were able to access Honan’s Twitter, Google and iCloud accounts, and knew all the content on his iPhone and MacBook, including pictures of his daughter. Apple has promised to tighten up its process for resetting passwords, but over the weekend the workarounds still worked, as Wired editors discovered when they put it to the test. Brute-forcing a password is not even necessary to hack accounts. Social engineering played an important role: Apple’s support staff gave the hackers access to Honan’s iCloud account. Then Amazon’s support team gave out the four digits of the credit card. But that is precisely the information that Apple uses to release certain information.
“Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”
For Amazon, the last four digits are unimportant information, because it assumes that a complete credit card number cannot be derived from them. But for Apple, the four digits are enough to verify someone’s identity over the phone. Cloud-based systems need more security than a simple password, which can somehow be discovered.