On Friday night, Wired technology journalist Mat Honan was brutally hacked. Hackers took advantage of security holes at Amazon and Apple to gain access to his iCloud account. They then took over his Gmail account, remotely wiped all data from his MacBook Air, iPhone and iPad, and took over his Twitter account as well as the Twitter account of his former employer, Gizmodo.
The incident might seem small on its surface — just one person’s information, not a huge data breach of credit card numbers. But this one very public incident, thoroughly documented by Honan in a Wired article, could be a wake-up call to many who store their information with cloud-based services, including Amazon, Apple and Google.
The hackers used fairly basic techniques to accomplish the hack. They found Honan’s home address and e-mail address online, and after some back and forth with Amazon tech support, used it to get the last four digits of Honan’s credit card number. They called Apple customer support pretending to be Honan and used those four numbers along with same billing address to verify his identity, gaining access to Honan’s iCloud account and the associated .Me account. The .Me account was Honan’s backup e-mail for his Gmail account. Once they were in his Gmail, the hackers could reset passwords for all the key accounts that used Gmail, including Twitter accounts.
Once in, the hacker spammed Honan’s Twitter followers and deleted all the data from his various devices. The remote wipe option is a security service offered by Apple as part of its Find My Mac/iPhone/iPad feature. If devices associated with the Apple ID are stolen, the owner can execute a remote wipe to prevent their data from falling into the wrong hands.
The motivation for the crime seems to be rather banal. In conversations with Honan, one of the hackers responsible revealed he just wanted Honan’s three-letter Twitter handle, @mat.
What other security features should Apple add to make sure that their clients’ accounts do not get easily hacked? And do you believe the hacker’s seemingly shallow reason for doing what he did?