Sci/Tech iCloud hacked: The Dangerous Side Of Apple's iCloud

tom_mai78101

The Helper Connoisseur / Ex-MineCraft Host
Staff member
Reaction score
1,227
Apple‘s iCloud service brings a whole raft of services — email, calendar, contacts, ‘Find My iPhone” and cloud storage — and stores them behind a single username and password. This is very convenient, but if that username and password falls into the wrong hands, you can find yourself very quickly in a world of pain.

This is what happened to Mat Honan, former journalist for Gizmodo and former contributing editor to WIRED magazine. Before the hackers gained access to his Twitter account and that of Gizmodo, the hackers first gained access to his iCloud account, where they caused irrevocable havoc.

At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years. My guess is they used brute force to get the password, and then reset it to do the damage to my devices.

The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.

At 5:00 PM, they remote wiped my iPhone.
At 5:01 PM, they remote wiped my iPad.
At 5:05, they remote wiped my MacBook Air.
The end result, is massive devastation.

Read more here.
 

KaerfNomekop

Swim, fishies. Swim through the veil of steel.
Reaction score
608
That's the risk when you connect to a hive mind. The hive can connect to you.
 

SouLEDGE

Damn you advanced calculus
Reaction score
75
So I'm assuming he didnt have any physical backups his devices?
That's like having a car and not having insurance.
When will these people learn -_-
 

KaerfNomekop

Swim, fishies. Swim through the veil of steel.
Reaction score
608
Maybe he had physical backups that were also connected to the hive.
 

FireCat

Oh Shi.. Don't wake the tiger!
Reaction score
514
So I'm assuming he didnt have any physical backups his devices?
That's like having a car and not having insurance.
When will these people learn -_-
QFT

I still can’t get into Gmail. My phone and iPads are down (but are restoring). Apple tells me that the remote wipe is likely irrecoverable without serious forensics. Because I’m a jerk who doesn’t back up data, I’ve lost at more than a year’s worth of photos, emails, documents, and more. And, really, who knows what else.
 

Slapshot136

Divide et impera
Reaction score
469
the icloud was not hacked - deceptive title

and whoever has 0 backups has no right to whine about data loss - it's as simple as that.
 

phyrex1an

Staff Member and irregular helper
Staff member
Reaction score
446
the weak password of a single user was compromised.
You're wrong and the article is dated. The victim guessed that his password was brute forced, but this turned out to not be the case. Simplified, the attacker called customer service and asked for access to an account that wasn't his and customer service gave him access.

The more complex story involves abusing the different policies used by Amazon and Apple to finally grant access to pretty much everything. http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
 

FireCat

Oh Shi.. Don't wake the tiger!
Reaction score
514
the attacker called customer service and asked for access to an account that wasn't his and customer service gave him access.
Wow that's pretty scary.
 

Slapshot136

Divide et impera
Reaction score
469
You're wrong and the article is dated. The victim guessed that his password was brute forced, but this turned out to not be the case. Simplified, the attacker called customer service and asked for access to an account that wasn't his and customer service gave him access.
allow me to repeat myself: 1 password was compromised (amazon), I never claimed that it was via a brute force attack or anything - and after that there was a domino effect because the accounts were too closely linked - there was no hacking involved, only a couple of calls that were more social engineering than anything else
 

phyrex1an

Staff Member and irregular helper
Staff member
Reaction score
446
allow me to repeat myself: 1 password was compromised (amazon),
But it wasn't compromised because it was weak, which is what you claimed. If you read my post carefully you'll also find that I never said it was you who claimed that a brute force attack was used, nor did I claim that anything else than social engineering was going on.

Just to be clear about the password: The password set by the victim on the Amazon account was never known to the attacker. Instead, the attacker was able to reset the password to a email address of the attackers choice using only the billing address of the victim. Using a stronger password wouldn't have helped.
 
General chit-chat
Help Users
  • No one is chatting at the moment.
  • jonas jonas:
    Which company do you work for?
  • vypur85 vypur85:
    Haha yea they'd compare my country as well...
  • vypur85 vypur85:
    Hmm i don't receive any pm? Maybe I'm using my phone. Gonna check it out using my pc later.
  • vypur85 vypur85:
    I'm teaching A Levels in a school in Wuhan.
  • jonas jonas:
    You should see a "private conversations" tab in the chatbox, that's where I sent it to you
    +1
  • jonas jonas:
    Wow
  • jonas jonas:
    Is the school system in your country similar to Chinese school system? I could never imagine being a teacher in a Chinese school, what's expected of students and teachers is just so different from what I'd be looking for as a teacher
  • vypur85 vypur85:
    A Levels is based on the UK syllabus offered internationally. So the syllabus is similar throughout different countries, taught in english.
  • vypur85 vypur85:
    I can't speak or write or read much chinese... Too difficult....... Which also makes my life here in china a lil difficult.
  • jonas jonas:
    Oh, I see. I thought Chinese version of A-levels :D
  • jonas jonas:
    I've been using the translate app a lot on my phone. take a photo, translate. take another photo, translate again :D
  • jonas jonas:
    it also has voice translation, my colleagues sometimes use that
  • jonas jonas:
    You came during the 0 covid policy right? How'd you get through quarantine? Did you have some help with the apps and green codes?
  • tom_mai78101 tom_mai78101:
    If you have any Chinese you need help with, let me know.
  • vypur85 vypur85:
    @jonas Those were the things I did too. Translate app and VPN are always the most important things to have to survive. Lol.
  • vypur85 vypur85:
    Yea I came last year. I was quarantined for about 30 days. Fml. The first day of my quarantine was the eve of Chinese new year last year. Fml again... Lol.
  • vypur85 vypur85:
    @tom_mai78101 IIRC you're from Taiwan right.
  • The Helper The Helper:
    I thought China had cracked down on having any foreign teachers?
  • vypur85 vypur85:
    Yeah I've heard of the news before. My school is still actively hiring foreign teachers. Not sure how things work now.
  • The Helper The Helper:
    yeah it is hard to get reliable information about that kind of stuff
  • The Helper The Helper:
    but you are doing it so it is still doable
  • vypur85 vypur85:
    I think it doesn't affect existing foreign teachers. Then again, its still weird that my school is hiring.
  • The Helper The Helper:
    Happy Monday people hope everyone has a fantastic week!
  • Ghan Ghan:
    Happy Monday?! That's a contradiction.

    The Helper Discord

    Members online

    No members online now.

    Affiliates

    Hive Workshop NUON Dome World Editor Tutorials

    Network Sponsors

    Apex Steel Pipe - Buys and sells Steel Pipe.
    Top