Journalist Gets Hacked… Blames Apple Tech Support

Here is a perfect example of doing everything right and bad things still happen:

Former Gizmodo reporter Mat Honan is blaming an AppleCare technician for allowing his personal e-mail and Twitter accounts to be hacked, as well as the tech blog’s official feed.

The Gizmodo breach, apparently perpetrated by a person or group of people calling themselves Clan W3, was brief but resulted in racist and offensive tweets being sent to the tech blog’s 415,000 followers on Friday. Gizmodo initially blamed its former reporter for the tweets and quickly regained control of its account.

But Honan, who currently works for Wired, was not so fortunate. He described in a blog post how he had learned his iCloud account had been breached by a hacker who wiped his devices and gained access to his Gmail and Twitter accounts. Now he says an Apple technician fell victim to social engineering, a technique of manipulating people instead of computers to perform a task or divulge information:

I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my Macbook and is trying to recover the data. I’m back in all my accounts that I know I was locked out of. Still trying to figure out where else they were.

Isn’t that just delightful? Here’s what’s really bad about this:

Honan says the hacks occurred Friday evening when someone gained access to his iCloud account and reset his password. That led to the remote wipe of his iPhone, iPad, and MacBook Air and hijack of the Twitter accounts. The blog also describes the challenges he faced in regaining control of his devices and accounts.

He said he initially suspected the hacker used brute force to learn his seven-digit alphanumeric password, but Honan said in a blog update that someone claiming to be the hacker contacted him, saying he “didnt guess ur password or use bruteforce. i have my own guide on how to secure emails.”

Suddlenly, I don’t feel so paranoid because I change all my passwords every 60 days. Though that wouldn’t have helped in this case. Apple really needs to explain what happened here and assure their users that this cannot happen again.

Leave a Reply