Gizmodo employee's iCloud account hacked with some serious damage done

Status
Not open for further replies.

ugahairydawgs

macrumors 68030
Original poster
Jun 10, 2010
2,706
1,327
Let this be a warning to all. Find My Device is great, but there are definitely some potential drawbacks.

Exhibit A
 

calderone

macrumors 68040
Aug 28, 2009
3,679
86
Seattle
The problem seems to be with Apple support being susceptible to social engineering.

Let's hope they start training staff properly.
 

D.C.M.

macrumors newbie
Aug 4, 2012
11
0
"Update Three:
I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my Macbook and is trying to recover the data. I’m back in all my accounts that I know I was locked out of. Still trying to figure out where else they were."
 

noteple

macrumors 65816
Aug 30, 2011
1,407
323
Another teaser headline.
I agree it would be interesting to get all the facts.
Somebody really had it out for that guy.
 

miles01110

macrumors Core
Jul 24, 2006
19,269
30
The Ivory Tower (I'm not coming down)
Another teaser headline.
Terrible headline.

The problem seems to be with Apple support being susceptible to social engineering.

Let's hope they start training staff properly.
If the hacker did their homework, anyone would have thought the attacker was the victim. That's what social engineering attacks do. Without the facts it's impossible to place blame, but Apple probably just did what anyone else would have done in the same situation.
 

hafr

macrumors 68030
Sep 21, 2011
2,743
5
If the hacker did their homework, anyone would have thought the attacker was the victim. That's what social engineering attacks do. Without the facts it's impossible to place blame, but Apple probably just did what anyone else would have done in the same situation.
I've got an account at a stock trading site which only sends out new passwords if you call them and answer a series of answers, and the password will only be sent to either the address you had registered with them or your official address, should you for instance have moved.

Considering the potential enormous damage someone can do with someone's iCloud account, I would like to see that they had a somewhat similar security.
 
Status
Not open for further replies.