 |
| The last four digits of a credit card number, which can be held on file by sites like Amazon, was used as a verification code by Apple, allowing hackers to reset a mat's password |
The incident might seem small on its surface -- just one person's information, not a huge data breach of credit card numbers. But this one very public incident, thoroughly documented by Honan in a Wired article, could be a wake-up call to many who store their information with cloud-based services, including Amazon, Apple and Google.
"My experience leads me to believe that cloud-based systems need fundamentally different security measures," said Honan. "Password-based security mechanisms — which can be cracked, reset and socially engineered — no longer suffice in the era of cloud computing."
What is cloud computing?
The hackers used fairly basic techniques to accomplish the hack. They found Honan's home address and e-mail address online, and after some back and forth with Amazon tech support, used it to get the last four digits of Honan's credit card number. They called Apple customer support pretending to be Honan and used those four numbers along with same billing address to verify his identity, gaining access to Honan's iCloud account and the associated .Me account. The .Me account was Honan's backup e-mail for his Gmail account. Once they were in his Gmail, the hackers could reset passwords for all the key accounts that used Gmail, including Twitter accounts.
Once in, the hacker spammed Honan's Twitter followers and deleted all the data from his various devices. The remote wipe option is a security service offered by Apple as part of its Find My Mac/iPhone/iPad feature. If devices associated with the Apple ID are stolen, the owner can execute a remote wipe to prevent their data from falling into the wrong hands... CNN π¨ Comment #️⃣ Technology
Share Your Thoughts