I’m sure most know that when they store their personal stuff on the cloud there is always a risk of being hacked, and this is why a user must use a complicated password to protect their gear on the cloud. However there are times when even a strong password simply isn’t enough, especially if your password is handed to the hackers.
According to an article over in iDownload Blog, this is the truth behind Apple’s iCloud being hacked, not because hackers actually hacked into accounts but because Apple handed those hackers iCloud passwords.
Apparently former Gizmodo writer Mat Honan found that over the weekend hackers had gained access to his iCloud account and wiped his iPhone, Apple iPad and Mac.
Honan says he used a seven digit alphanumeric that wasn’t used anywhere else, and set it up some years ago, and it seemed pretty safe, but it turns out it isn’t, and at 4.50pm someone gained access to his iCloud account and reset the password and sent the confirmation message about the reset to the trash.
Then at 4.52 they sent a Gmail password recovery email to the .mac account, which was the backup email address on his Gmail account , and 2-minutes after he received an email that his Gmail Account password had been changed. Then at 5pm his iPhone was wiped, followed by his Apple iPad, and then his MacBook Air, after which they also took over his Twitter account.
The result of which Honan lost over a years worth of docs, emails and pictures, which Apple says isn’t recoverable without serious forensics. Honan has said he knows how it was done, and has had it confirmed by both Apple and the hacker.
Apparently the hacker gained access through Apple tech support, along with a little social engineering that enabled them to bypass security questions.
Thus it would appear as long as a hacker can convince Apple they are the person that owns the account, a hacker can get into your account without too much difficulty, and although Honan is somewhat more public than most, this attack does highlight a real weakness in Apple’s security.
The guys say they expect Apple to release a statement at some point so they can assure iCloud users that this sort of thing wont happen again.
So there you go, if any of our readers have their personal stuff stored on iCloud, feel free to let us know if you have experienced any attack and lost any stuff by dropping us a line to our comments area below.