Gizmodo employee's iCloud account hacked with some serious damage done

[ugahairydawgs]

Let this be a warning to all. Find My Device is great, but there are definitely some potential drawbacks.

Exhibit A

 

[calderone]

The problem seems to be with Apple support being susceptible to social engineering.

Let's hope they start training staff properly.

 

[Orange Furball]

Holy crap. Glad I don't use icloud! 😱

 

[D.C.M.]

"Update Three:
I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my Macbook and is trying to recover the data. I’m back in all my accounts that I know I was locked out of. Still trying to figure out where else they were."

 

[ixodes]

Apple Allowed Hackers Into iCloud Account

"Apple Allowed Hackers Access To User's iCloud Account"

http://www.forbes.com/sites/adriank...lowed-hackers-access-to-users-icloud-account/

 

[noteple]

Another teaser headline.
I agree it would be interesting to get all the facts.
Somebody really had it out for that guy.

 

[ixodes]

Another teaser headline.
I agree it would be interesting to get all the facts.
Somebody really had it out for that guy.

You're right. Apple craves headlines 🙂

 

[miles01110]

Another teaser headline.

Terrible headline.

The problem seems to be with Apple support being susceptible to social engineering.

Let's hope they start training staff properly.

If the hacker did their homework, anyone would have thought the attacker was the victim. That's what social engineering attacks do. Without the facts it's impossible to place blame, but Apple probably just did what anyone else would have done in the same situation.

 

[hafr]

If the hacker did their homework, anyone would have thought the attacker was the victim. That's what social engineering attacks do. Without the facts it's impossible to place blame, but Apple probably just did what anyone else would have done in the same situation.

I've got an account at a stock trading site which only sends out new passwords if you call them and answer a series of answers, and the password will only be sent to either the address you had registered with them or your official address, should you for instance have moved.

Considering the potential enormous damage someone can do with someone's iCloud account, I would like to see that they had a somewhat similar security.

 

[MacDawg]

Let's all join the news thread and keep everything in one place
Thanks 🙂