Five Companies That Dropped The Ball This Week

Email this CRN article

Giant Security Hole Revealed In Apple's Tech Support Practice

Hackers used good old-fashioned social engineering to dupe an Apple support technician into giving them the password for Wired reporter Mat Honan's iCloud account. Armed with this information, hackers proceeded to wipe all data on Honan's Apple devices and take over his Twitter account, using it to spew racist and homophobic messages.

First, a flaw in Amazon phone support process allowed hackers to access Honan's account page, which displays the last four digits of a user's credit card number. Then, because Apple only required the last four digits to verify a customer's identity, hackers were able to access Honan's Apple ID account and start their devastating tap dance on his privacy.

Apple has changed its phone support policy for resetting customers' passwords, and plans unspecified additional measures to ensure this doesn't happen again, but the incident exposed a giant hole in the security of a system that encompasses more than 400 million user accounts.


Email this CRN article