Honan’s iCloud account gave the hacker access to the Find My Phone feature, thus allowing them to remotely wipe all the data on his iPhone, iPad, and worst of all, his Mac. Honan’s Gmail account was also deleted in the process, and he’s been locked out of other services, including his phone, which he linked with Google Voice through Sprint.
Initially, Honan thought the hacker broke into his account using brute force, despite a seven-character alphanumeric password that he felt was pretty secure. Apparently, this wasn’t the case.
“I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions,” Honan wrote via his Tumblr page. “Apple has my Macbook and is trying to recover the data. I’m back in all my accounts that I know I was locked out of. Still trying to figure out where else they were.”
Two-factor authentication, which requires confirmation via both an email message and usually a text message, would probably have prevented the hacker from deleting Honan’s Gmail account and kept people off the Twitter accounts, he said. Unfortunately, Honan didn’t have two-factor authentication turned on. So, if there’s a moral to this story, it’s that you should enable two-factor authentication whenever possible. (Do it now!)
This still doesn’t fix the problem of fooling the AppleCare technician over the phone. The computer giant needs to step up its security for verifying user accounts if it plans on seriously taking on the likes of Google, Yahoo, and Microsoft with its iCloud service, not to mention the growing number of cloud-based storage services like Dropbox and Box.net.