What better way to trash tycoons such as Apple and Amazon as a hacker than to attack a reporter’s accounts? After a recent epic hack of a “Wired” reporter’s iCloud account, Apple and Amazon decide to change security policies.
It was just a few days ago that Steve Wozniak called available cloud storage solutions to be “horrendous”. Shortly after, a reporter from “Wired” learned the hard way what an epic hack means. Mat Honan’s epic hacking of Gmail, AppleID account, Amazon and Twitter through the use of a security flaw prompted a security policy change from Apple and Amazon.
Amazon reacted promptly and quietly. The company decided to change its security policy to prevent changing account settings via phone call. Apple had a similar reaction and is now putting on hold all new AppleID password requests made via phone.
“Right now, our system does not allow us to reset passwords. I don’t know why” said one AppleCare employee to a reporter from Wired. A company spokesman told Wired yesterday the hack was possible because “own internal policies were not followed completely”. At the moment Apple is in the process of “reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected”.
“In the space of one hour, my entire digital life was destroyed” reads Mat Honan’s article on his epic hacking. “First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages” he added.
But the hack reached epic proportions, when hackers exploited a security flaw and broke into Honan’s AppleID account. From that point on, hackers erased everything on the reporter’s iPhone, iPad and MacBook.
As most users, Honan thought cloud storage is safe and failed to back up his data. But it was a security policy Apple and Amazon used that got exploited and allowed hackers access to everything. Honan explained he “daisy-chained” his Apple and Amazon accounts for convenience.
It was Apple tech support that gave hackers access to the reporter’s account although they couldn’t answer the security questions set. It was a partial credit card number than prompted the damage. “The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification” said Honan.