Giant Security Hole Revealed In Apple's Tech Support Practice
Hackers used good old-fashioned social engineering to dupe an Apple support technician into giving them the password for Wired reporter Mat Honan's iCloud account. Armed with this information, hackers proceeded to wipe all data on Honan's Apple devices and take over his Twitter account, using it to spew racist and homophobic messages.
First, a flaw in Amazon's phone support process allowed hackers to access Honan's account page, which displays the last four digits of a user's credit card number. Then, because Apple only required those last four digits to verify a customer's identity, hackers were able to access Honan's Apple ID account and start their devastating tap dance on his privacy.
Apple has changed its phone support policy for resetting customers' passwords, and plans unspecified additional measures to ensure this doesn't happen again, but the incident exposed a giant hole in the security of a system that encompasses more than 400 million user accounts.