Sci/Tech iCloud hacked: The Dangerous Side Of Apple's iCloud

tom_mai78101

The Helper Connoisseur / Ex-MineCraft Host
Staff member
Reaction score
1,632
Apple‘s iCloud service brings a whole raft of services — email, calendar, contacts, ‘Find My iPhone” and cloud storage — and stores them behind a single username and password. This is very convenient, but if that username and password falls into the wrong hands, you can find yourself very quickly in a world of pain.

This is what happened to Mat Honan, former journalist for Gizmodo and former contributing editor to WIRED magazine. Before the hackers gained access to his Twitter account and that of Gizmodo, the hackers first gained access to his iCloud account, where they caused irrevocable havoc.

At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years. My guess is they used brute force to get the password, and then reset it to do the damage to my devices.

The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.

At 5:00 PM, they remote wiped my iPhone.
At 5:01 PM, they remote wiped my iPad.
At 5:05, they remote wiped my MacBook Air.

The end result, is massive devastation.

 
Last edited by a moderator:

KaerfNomekop

Swim, fishies. Swim through the veil of steel.
Reaction score
612
That's the risk when you connect to a hive mind. The hive can connect to you.
 

SouLEDGE

Damn you advanced calculus
Reaction score
75
So I'm assuming he didnt have any physical backups his devices?
That's like having a car and not having insurance.
When will these people learn -_-
 

KaerfNomekop

Swim, fishies. Swim through the veil of steel.
Reaction score
612
Maybe he had physical backups that were also connected to the hive.
 

FireCat

Oh Shi.. Don't wake the tiger!
Reaction score
530
So I'm assuming he didnt have any physical backups his devices?
That's like having a car and not having insurance.
When will these people learn -_-
QFT

I still can’t get into Gmail. My phone and iPads are down (but are restoring). Apple tells me that the remote wipe is likely irrecoverable without serious forensics. Because I’m a jerk who doesn’t back up data, I’ve lost at more than a year’s worth of photos, emails, documents, and more. And, really, who knows what else.
 

Slapshot136

Divide et impera
Reaction score
471
the icloud was not hacked - deceptive title

and whoever has 0 backups has no right to whine about data loss - it's as simple as that.
 

phyrex1an

Staff Member and irregular helper
Reaction score
446
the weak password of a single user was compromised.
You're wrong and the article is dated. The victim guessed that his password was brute forced, but this turned out to not be the case. Simplified, the attacker called customer service and asked for access to an account that wasn't his and customer service gave him access.

The more complex story involves abusing the different policies used by Amazon and Apple to finally grant access to pretty much everything. http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
 

FireCat

Oh Shi.. Don't wake the tiger!
Reaction score
530
the attacker called customer service and asked for access to an account that wasn't his and customer service gave him access.
Wow that's pretty scary.
 

Slapshot136

Divide et impera
Reaction score
471
You're wrong and the article is dated. The victim guessed that his password was brute forced, but this turned out to not be the case. Simplified, the attacker called customer service and asked for access to an account that wasn't his and customer service gave him access.

allow me to repeat myself: 1 password was compromised (amazon), I never claimed that it was via a brute force attack or anything - and after that there was a domino effect because the accounts were too closely linked - there was no hacking involved, only a couple of calls that were more social engineering than anything else
 

phyrex1an

Staff Member and irregular helper
Reaction score
446
allow me to repeat myself: 1 password was compromised (amazon),
But it wasn't compromised because it was weak, which is what you claimed. If you read my post carefully you'll also find that I never said it was you who claimed that a brute force attack was used, nor did I claim that anything else than social engineering was going on.

Just to be clear about the password: The password set by the victim on the Amazon account was never known to the attacker. Instead, the attacker was able to reset the password to a email address of the attackers choice using only the billing address of the victim. Using a stronger password wouldn't have helped.
 
General chit-chat
Help Users
  • No one is chatting at the moment.

      The Helper Discord

      Members online

      No members online now.

      Affiliates

      Hive Workshop NUON Dome World Editor Tutorials

      Network Sponsors

      Apex Steel Pipe - Buys and sells Steel Pipe.
      Top