facebook rss twitter

Gizmodo reporter is hacked via Apple tech support

by Mark Tyson on 6 August 2012, 12:30

Tags: Twitter, Apple (NASDAQ:AAPL), MacBook Air, iPad

Quick Link: HEXUS.net/qabkk5

Add to My Vault: x

On Friday hackers managed to get control over the Gizmodo tech news site’s Twitter account. This is an account with half a million followers. So, as you can imagine it is quite a horror story for the company concerned. The information required to hack into Gizmodo’s Twitter account was obtained from a former Gizmodo staff member, Mat Honan. Mr Honan didn’t give anyone the login/pass to any of his accounts linked to the Twitter account, but Apple Tech Support did!

A chain is only as strong as the weakest link

The “hacker” didn’t use brute force password cracking or any other such tool to get into Mr Honan’s accounts. Social engineering was reportedly used to get Apple tech support to bypass security questions. The initial access point for the hacker was Mr Honan’s iCloud account. Here’s how the events unfolded over time, quoted from Mr Honan’s Tumblr page;

  • At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash.
  • At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.
  • At 5:00 PM, they remote wiped my iPhone
  • At 5:01 PM, they remote wiped my iPad
  • At 5:05, they remote wiped my MacBook Air.
  • A few minutes after that, they took over my Twitter. Because, a long time ago, I had linked my Twitter to Gizmodo’s they were then able to gain entry to that as well.

Famous for 15 minutes

The Gizmodo Twitter account was used by the hackers “Clan Vv3” to post racist and offensive messages between 5.15 and 5.30 US Pacific Time. Well connected Gizmodo and Gawker staff managed to get the account suspended in this short time thanks to a friend at Twitter.

Road to recovery

Mr Honan says Apple tech support is now working trying to recover his data on his wiped devices. He doesn’t have backups of a lot of the data “Apple tells me that the remote wipe is likely irrecoverable without serious forensics. Because I’m a jerk who doesn’t back up data, I’ve lost at more than a year’s worth of photos, emails, documents, and more. And, really, who knows what else.” That’s quite a lot to lose. However there is some hope for the MacBook data as the machine was powered down after the data deletion but before the data was written over in the remote wipe process. I think today is a good day to run a backup on my computer…



HEXUS Forums :: 12 Comments

Login with Forum Account

Don't have an account? Register today!
Not a glowing endorsement of apple's security policies, though who would trust them with security I dont know :S
lets hope this teaches some fo the deciples of the cult of apple a few lessons although I fear they will just keep their rose tinted iglasses(trademark) on and swear apple can do no wrong (still).
He works in the tech industry and didn't backup his data?! I'm amazed by that. Shocking.

I'm not in the least bit surprised by Apples part in this mess.
Wow…goes to show that this remote stuff isn't all it's cracked up to be. Apple fanboys surely are incoming though.
Back-ups - simples!