Wow! I have never thought Apple support was all that helpful. I have had my run-ins with them being less than helpful. How this guy got all this info over the phone is amazing!
 
Come on, Apple, a company that cares a lot about the security of its products, is let down by someone in their support department who can reset the password of an iCloud account. This shouldn't be allowed!
 
My 4TB backup drive is buzzing with glee :D

Does anyone know if his Dropbox account was compromised as well (as long as the password was different from iCloud's)? I have copies of settings, documents and most important files encrypted on DB.
 
If I was him I'd be demanding some serious compensation. Something along the lines of free iDevice upgrades for life.

Why? Because he didn't have backups of his data? Because he talks too much about personal stuff that gave someone the tools to spoof his id with apple?

Neither is Apple's fault.

And if that failed, I'm sure the threat of a nice little article on Apple Security (or lack of) in the next issue of Wired would be a nice little hand to play.

And likely fail. Any respectable venue will fact check before publishing and any blog will just be dismissed as hit whoring. That this guy is apparently from Gizmodo doesn't bode well for him being believed, as the tech world (especially blog readers) are dead certain that everyone at Giz is violently anti-Apple after being made site non grata over the iPhone 4. Not sure they have gotten back on the invite/press release list yet or ever will. They have taken to posting hyperbolic digs every chance they can. Many folks are going to question if any of these events happened at all simply because of the Giz connection.
 
No. That is not a back up at all.

1 copy on your device, 1 copy on media type a (cd, DVD, external hd) on site, 1 copy on media type b off site, 1 copy on a cloud service.

That's how you back up.

1 copy on device one, 1 copy on device two, 1 copy on device three. That's what he did. What the hell do you mean with 'media type b' by the way?

And I wouldn't suggest anyone back up to a cloud service if you care even a little about your privacy. Especially not if it's a free service: they make money by selling your info in that case.
 
Apple just doesn't get security:

Annoying and arbitrary requirements for choosing a password (not effective)

Forcing users to enter their password when downloading FREE apps (or FREE updates) on their tiny touch-screen smartphone*, resulting in most people using simple passwords to make that less painful.

The removal of custom security questions.

Lack of secure proofs

No two factor authentication

*No, this is not a pop at the iPhone - it's just a simple fact that it's hard to type on a touch-screen, particularly when you can't see the characters that you've already typed. You don't have to do this on Android, you don't have to do this on Windows Phone - it's just unnecessary.
 
Each of those situations carries its own risks and problems.

The cloud is meant to be the solution for this and I think it will be eventually. What most can hope for is that Apple increases their security and, hopefully, their recent acquisition of AuthenTec increases security locally and in the cloud.

Risks? Sure, and so does the cloud.

As a back-of-the-envelope estimate, though, what's the chance that your residence will be burglarized or burn down? One in 100,000? So the chance that both your house and the location of your secondary backup will burn down is one in 10 billion. That's a pretty good improvement for just the $100 it costs for a second external drive.

Anyway, yes, the backup situation is only the secondary plot here. From what I've read in this thread, this Gizmodo guy had *no* backup. For that, there is no excuse.
 
Why? Because he didn't have backups of his data? Because he talks too much about personal stuff that gave someone the tools to spoof his id with apple?

Neither is Apple's fault.

I imagine that the hacker had less information on the author than a friend or acquaintance could gather on you. If it were this easy to social engineer a reset on your iCloud/AppleID account and gain access to whatever is tied to it (devices, other email, paypal, etc.), how isn't that Apple's fault?
 
Because it was being posted on 4chan as it went down. I was watching the thread on it yesterday in /g/. A 4channer did it. He was angry because, for being a computer writer, he seemed to have no idea how computers or any other technology work.

Just adds to my theory that this guy set himself up by talking about stuff he shouldn't have and gave the hacker more than ample fuel to play his game and win.

Like the tale from a few years ago about Salma Hayek's .Mac account being hacked because her user name was salmahayek, her birthdate was on IMDb and the security question was 'my first Oscar nom', also on IMDb.
 
Completely agree. Having a thief being allowed to turn off my phone doesn't help me at all

I would do something like a "fake turn-off" which would allow a thief to "turn it off" while you could still use Find My iPhone. For example, after one wrong PIN (if you use a PIN code on the lock screen) this feature would be automatically turned on, without warnings or anything like that. The only possible way to turn this feature off after it was turned on would be via Find My iPhone (or via iCloud).
My two cents.
 
I imagine that the hacker had less information on the author than a friend or acquaintance could gather on you. If it were this easy to social engineer a reset on your iCloud/AppleID account and gain access to whatever is tied to it (devices, other email, paypal, etc.), how isn't that Apple's fault?

It's entirely Apple's fault.

Apple has (in virtually every major country) a legal obligation to protect the data of their customers.

When they fail to do that, they're breaking the law.

There's plenty that can be done to combat social engineering, but Apple hasn't ever stated what they do to combat it.
 
And we know this story is legit because...?

Having one reporter say something doesn't make it true. Otherwise, we'd believe everything that the National Enquirer publishes.

I do feel like Apple will make an official response, either calling the guy's lie, or diffusing the story by coming clean and saying everyone on the iCloud team came into work this weekend to fix it.

Exactly
 
Come on, Apple, a company that cares a lot about the security of its products, is let down by someone in their support department who can reset the password of an iCloud account. This shouldn't be allowed!

And if it wasn't allowed, Apple would be blasted over that and their 'you forgot your password and the email is from five years ago and you can't access it anymore, sucks to be you' attitude.
 
Each of those situations carries its own risks and problems.

The cloud is meant to be the solution for this and I think it will be eventually. What most can hope for is that Apple increases their security and, hopefully, their recent acquisition of AuthenTec increases security locally and in the cloud.

Of course they all come with risks and problems. The point is having several backups in several locations minimises the risk of losing data forever. If I have two backups and lose one, I've really only lost a disk and no data.

I mean, using a service that can remote wipe your computer, accessible through a single password, and not keeping even a single backup? Not smart.

Having a backup next to your computer? Smart, but there is a risk that the house burns down or that a burglar takes both the computer and the backup.

Having a backup off site as well? Smarter, since the probability of both locations having something happen to them is a lot lower than your house burning down.

In short, the more backups you have, the more protected you are against data loss. Choosing not to because there is a risk in keeping a hard drive in the glove compartment of your car seems kind of stupid.
 
Dude had no backups? Are you kidding me? IMO that is the scariest part of this story; to think that somebody doesn't have enough common sense to back-up data. Makes me shiver!

Yeah. I've been moving a lot into the cloud lately and then, being that I'm from the generation that just barely pre-dates the internet being everywhere and a thing, thought better, bought a cheap 1 TB Seagate HD from Costco and backed everything up the old-fashioned way. I should note I was all along, but last year I ran out of room on all my backups and decided to switch to the cloud. Just yesterday I had a panic attack about it, though; now I see maybe I was channeling something out there, though, unlike this guy, I don't think anyone cares about my stuff.
 
Does remote wipe require a password as secondary security?

Even if so, what's it for, if they know your password already? Imagine they've already gained access to your iCloud account...

Best would be to implement 2-step verification like Google has; it works perfectly. Also, as some guys mentioned above, a PIN for turning off the device would be a huge improvement in security, as the device could not be turned off immediately. Also I can imagine some kind of state where the device keeps some battery reserve to be able to respond to iCloud (the Find My iPhone service) and be trackable if the device is turned off and the PIN was not entered.
 
It's entirely Apple's fault.

Apple has (in virtually every major country) a legal obligation to protect the data of their customers.

When they fail to do that, they're breaking the law.

There's plenty that can be done to combat social engineering, but Apple hasn't ever stated what they do to combat it.

Apparently you don't know how social engineering works. A good social engineer will make someone think they are someone else, giving them no reason to believe otherwise. Clearly Apple is going to "help" this imposter out, because they think it is the victim.
 
And if it wasn't allowed, Apple would be blasted over that and their 'you forgot your password and the email is from five years ago and you can't access it anymore, sucks to be you' attitude.

There is a middle way. I have an account on a site for trading stocks that will only send a password to either the registered address or your official address with snail mail after having answered a series of questions.

If you want to have an anonymous account you're screwed, but for the rest of us it's pretty safe...

Also, there are different passwords involved with logging in, transferring funds, selling, buying etc. that can't be the same.
 
There is a middle way. I have an account on a site for trading stocks that will only send a password to either the registered address or your official address with snail mail after having answered a series of questions.

If you want to have an anonymous account you're screwed, but for the rest of us it's pretty safe...

Also, there are different passwords involved with logging in, transferring funds, selling, buying etc. that can't be the same.

How do you change your address?

arn
 