...the only way that this "hacker" would have had AppleCare assist in resetting the password would be if the "hacker" knew way more about Mat's personal info than Mat should have EVER let into the public.

Do we know with certainty that the information wasn't simply given to (or allowed to get to) the "hacker"?

Honestly, this whole things sounds like a click-generating con job.
 
update:

http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard

I now know how it happened, basically start to finish, which I'll explain in a story on Wired tomorrow (Monday, August 6). Apple tech support is working on recovering my data (thanks guys!) from my Macbook, but I won't know how successful that was until Monday. According to what they told me last night, the wipe stopped (by powering down) before it got far enough along to start over-writing, so I am hopeful. Via AppleCare, I was able to confirm the hacker's account of how he got access to my account. I have an email in to Tim Cook and Apple PR, and want to give them a chance to respond (and make changes). I want to give the company a little more time to look at its internal processes, but it should be as simple as a policy change. So far, I haven't received any acknowledgement from Apple corporate. I did, however, get an urgent call from AppleCare ten minutes after emailing Mr. Cook, informing me that my situation had been escalated and there is now only one person at Apple who can make changes to my account. So I gather corporate is aware of what happened and looking into how to most effectively respond to make sure this doesn't happen again.
 
Don't have one account to rule them all...

Smarter to have them compartmentalized. Have one account for email, one for iTunes store, and one for findmyicrap.

Many reasons for this.

1. To prevent what just happened. Hacking into an iCloud mail account would make it harder, but not impossible, to do damage on other accounts.
2. You can share an iTunes store account with family without having to share email.
3. You can add idevices to findmyicrap that don't have to be yours. For example, my wife and I use this account, which really helps us find the other person in an emergency, locate the other person's phone, or even force an important text to them even if there is spotty cell coverage or the ringer is off and they aren't paying attention.

Now, could this jerk have forced his way into all 3? Probably, but the random person isn't going to know that all 3 exist in most cases, unless they really scour your inbox for clues, as long as you don't stupidly list them in your personal contact.
 
This story is troublesome to read, but since this is Gizmodo we're talking about after all, I wonder if the password was KARMA.
 
Here's one idea. Apple should allow customers to flag their accounts in such a way that no matter who calls in and proves they are that person, Apple is to, under no circumstances, give out the password or reset the account password for that user. You lose it, too bad. Burn it down and start over.
 
Not just Mac OS. I remember when Windows XP came out, pre-SP1. Not a single warning or pop up preventing you from opening any EXE you could get your hands on. Now with SP3, you get like 3-4 warnings from the time you click download till the time the application actually opens. Add one more for Vista/7. And there is absolutely no way to turn off the file warnings.

Don't use IE, and set the UAC down to the lowest (not off) level. You'll get one warning when you run an .exe file that intends on elevating to administrator.

----------

Here's one idea. Apple should allow customers to flag their accounts in such a way that no matter who calls in and proves they are that person, Apple is to, under no circumstances, give out the password or reset the account password for that user. You lose it, too bad. Burn it down and start over.

That's pretty much what Lastpass (and I assume 1password and the rest) does. They state right up front that they do not keep track of your master password. You lose it, they can't get it back for you, and you're screwed.
 
Take away everyone's digital worlds and store them all in one place: what could possibly go wrong with that plan.
 
I feel bad for Mat, but am glad it happened to someone with "high profile." Hopefully Apple will make necessary changes to prevent this kind of breach.
 
I do worry that the security needed to protect in an integrated world will become too burdensome, and despite it all there will always be human error.

And then when it goes wrong many will blame.

I'm responsible for my information. No one else.
 
Dude had no backups? Are you kidding me? IMO that is the scariest part of this story; to think that somebody doesn't have enough common sense to back-up data. Makes me shiver!

Isn't iCloud supposed to be automatically backed up? If you use the cloud and then still have to do manual backups, do you really need such a cloud?

----------

This guy needs to learn to protect his info better.

There is a better way - do not keep your data with companies that do not care about security (like Apple).
 
When is a backup not a backup? When it's online. The hacker wiped all three devices. Only an offline backup will protect you. http://seacliffpartners.com/wordpress/?p=867

No doubt. iCloud, MobileMe, any service, can wipe your device by accident. Your data can also be accidentally destroyed by syncing with a "corrupt" device. Relying on Apple to preserve your data is waiting for a disaster.

The cloud makes syncing convenient, but it's not someplace to rely on for 100% data protection.

Now you could also backup to a cloud storage independent of Apple, where there is no sync involved. If you manually do it, it's in two places and having your data automatically deleted because it's not the "newest" version is not going to happen unless you make that mistake yourself. And in that case, nobody can help you anyway because you don't know what you are doing.

----------

I do worry that the security needed to protect in an integrated world will become too burdensome, and despite it all there will always be human error.

And then when it goes wrong many will blame.

I'm responsible for my information. No one else.

Not only that, but this world we are creating is too difficult for anyone over 60 to keep up with, yet they are being asked to, or forced to, by their banks, brokers, etc. They can't handle passwords well, so they use simple ones, write them down on their desk where people (nurses, housekeepers, children, whoever) can see them and exploit them, etc. It's a situation where security for those who can't handle the digital age has taken many steps backward.
 
This is yet another reason to have an on-site backup, but the problem is, if you can remotely wipe a device, then is it possible to wipe attached backups like Time Machine?

Sorry I haven't read all of the last 378 posts...
 
I saw Gizmodo and my next thought was that it couldn't have happened to an employee of a better organization.
 
Isn't iCloud supposed to be automatically backed up? If you use the cloud and then still have to do manual backups, do you really need such a cloud?

It doesn't back up everything on the computer. Also, you should do offline backups and not rely solely on providers, whether that's Apple, Google, Microsoft, etc.
 
This!
If you use the cloud and then still have to do manual backups, do you really need such a cloud?
The question of backups is hotly debated. Arguably, Honan did have backups; he had multiple devices and cloud storage (or at least the opportunity to back up to the cloud). None of that matters if the cloud account is hacked or otherwise compromised.

I trust only backups that I have in my own keeping (either onsite or offsite). I've never been convinced about the cloud, and this makes me even more wary.
 
Notwithstanding that he should have had his own backup, wouldn't it make sense for Apple to have a separate backup of an iCloud account that lasts for a couple of days longer than an immediately deleted account?

Or even an undelete for individual files that lasts a day.

There will probably be a shedload of users who won't back up an iCloud account.
 
Beware of Gizmodo/Apple's prior relationship

iCloud definitely needs to improve its security design. Especially consider using client-side encryption. And maybe Apple should never have a way to reset user passwords at all.

Nevertheless we should be aware of Gizmodo's prior relationship with Apple which turned sour.

http://news.cnet.com/8301-13579_3-20003446-37.html.

So the question is:

1. Did he give very available public information as his password recovery answers?

2. Who is to know if he was the one who did call Apple and ask for a reset and this is all a getting back drama?
 