Over-The-Phone Password Change Allows Hackers To Destroy Reporter’s Digital World

The hacking of the Amazon account of a Wired reporter exposed a security flaw in the way Apple allows users to reset their AppleID passwords. By obtaining the last four digits of the reporter’s credit card, the hackers were able to call Apple support and reset the reporter’s AppleID password, gaining access to his iCloud account and .me email accounts. Access to these accounts then allowed them to gain entry to his Google account, personal Twitter account, and work Twitter account. Both Amazon and Apple have responded to this attack by saying that they are reviewing how they allow users to reset their passwords.

The reporter, Mat Honan, admits that having all of his accounts connected, as many people do, allowed these hackers to wipe all personal data from multiple devices and use his social media accounts to send objectionable material to a wide audience. This type of hack exposes some of the dangers inherent in putting too much faith in cloud services and in linking all of your accounts together. Sophos’s Naked Security blog discussed some of the lessons learned from this event.