April 18, 2024
Your iCloud Account Can Easily Be Hacked With a Little Info and a Call to Apple

Your iCloud Account Can Easily Be Hacked With a Little Info and a Call to Apple

Posted August 7, 2012 at 1:08am by iClarified
Wired's Mat Honan has posted a lengthy report on how his iCloud account was recently hacked by a simple, and easily duplicated, phone call to Apple.

It turns out that all you need is a billing address and the last four digits of a credit card to get Apple to reset an account password, and these details are easier to obtain than you might think.

Apple tech support confirmed to me twice over the weekend that all you need to access someone's AppleID is the associated e-mail address, a credit card number, the billing address, and the last four digits of a credit card on file. I was very clear about this. During my second tech support call to AppleCare, the representative confirmed this to me. "That's really all you have to have to verify something with us," he said.


Apple spokesperson Natalie Kerris told Wired, "Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer's data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers' data is protected."

Today, Wired tried to use the hacker's technique themselves. They were successful.

Briefly, here's how the hacker was successful in this case. At Honan's website he found his gmail address. Using gmail's password recovery page he was shown enough of his @me.com address to decipher the full username. Then Honan's billing address was found via a whois of his website's domain. The hacker then contacted Amazon and added a fake credit card to Honan's account. Next the hacker contacted Amazon again and added a new email address to the account using the fake credit card as authorization. Using the new email account he requested a password reset and gained access to see the last four digits of all cards on file. Finally, the hacker called Apple with the email address, billing address, and last four digits of the credit card to have Apple support reset the password.

While this may seem a bit lengthy of a procedure, a delivery person could do the same without going through any of those hoops.


You can find the full story at the link below...

Read More


Your iCloud Account Can Easily Be Hacked With a Little Info and a Call to Apple
Follow iClarified
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (9)
You must login or register to add a comment...
Add Comment
jerome moral
jerome moral - March 14, 2014 at 2:39pm
sir plss help me .. my iphone 4s needs to bypass to icloud activation.. i forgot my apple id and password.. i'm seconhand user sir.. GB.
Reply · Like
Anna Groth
Anna Groth - July 26, 2014 at 12:56pm
I bypass the iCloud activation screen lock on my iPhone 5c whit the hack tool from this page www.bypassicloudactivationlock.net . Good luck
Reply · Like
Dicky
Dicky - January 17, 2014 at 6:56am
i could made, it possibility to broke, that it not the purpose, to make moore perfect technology for any corporation who claimed them best one
Reply · Like
Russell
Russell - August 8, 2012 at 8:05pm
Sounds like it was Apple's fault for using the last 4 digits as verification. Everybody knows the last 4 are visible on nearly every receipt generated, brick & mortar and online.
Reply · Like
joyz
joyz - August 7, 2012 at 2:46am
This is BS... He wasn't hacked -- more likely phished...
Reply · Like
PICO
PICO - August 7, 2012 at 2:41am
So in order to hack apple you have to exploit massive security holes in amazon first. Seems people are missing this point. If the account details where not compromised on amazon first then no hack would have occurred
Reply · Like
farpthor
farpthor - August 7, 2012 at 3:01am
But then there wouldn't be news, so let's just forget about this Amazon part of the story.
Reply · Like
Frank
Frank - August 7, 2012 at 4:44am
As mentioned in the article, the last four digits of your credit card are semi private. They are on many receipts. Ex. If you order a pizza for delivery online and pay with your credit card the delivery guy has your email, last four digits, and billing address. Bam. Access to all your info after calling Apple for a password reset.
Reply · Like
Frank
Frank - August 7, 2012 at 2:07am
They used it to remotely erase all his ios devices and macbook.
Reply · Like
Recent. Read the latest Apple News.
RECENT
AltStore PAL Offers Alternative to App Store in the EU
AltStore PAL Offers Alternative to App Store in the EU
Apple Renews 'For all Mankind' for Season 5, Announces 'Star City' Spinoff Series
Apple Renews 'For all Mankind' for Season 5, Announces 'Star City' Spinoff Series
Apple Shares Official Trailer for Season 3 of 'Acapulco' [Video]
Apple Shares Official Trailer for Season 3 of 'Acapulco' [Video]
TikTok Launches Instagram Rival 'TikTok Notes' [Download]
TikTok Launches Instagram Rival 'TikTok Notes' [Download]
Apple Notes App to Get Integrated Voice Memos and Math Notes [Rumor]
Apple Notes App to Get Integrated Voice Memos and Math Notes [Rumor]
More News
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Monterey
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
More Tutorials
Deals. Save on Apple devices and accessories.
DEALS
New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]
New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]
Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]
Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]
T-Mobile Offers Free Blink Security Camera System With 5G Home or Small Business Internet
T-Mobile Offers Free Blink Security Camera System With 5G Home or Small Business Internet
AirPods Pro 2 With USB-C On Sale for $189! [Deal]
AirPods Pro 2 With USB-C On Sale for $189! [Deal]
iPad Mini 6 On Sale for Just $375! [Lowest Price Ever]
iPad Mini 6 On Sale for Just $375! [Lowest Price Ever]
More Deals