The password worm hole
Earlier this week we told you about Mat Honan’s experience of getting all his Apple devices wiped clean by a hacker (iPhone, iPad, MacBook erased in a matter of minutes). The derelict hacker called Apple’s tech support and used Honan’s Apple ID – the username you use to log in and buy/download stuff on iTunes – to do his bidding. Honan has been writing about his wild ride on his blog and on Wired, where he is a reporter, and it turns out Apple isn’t the only one who had such an easy workaround. Amazon had a similar protocol, which is how the hackers initially spoofed Honan’s account.
The security gap was used by hackers, one of whom identified himself as a 19-year-old going by the name “Phobia,” to gain access to Honan’s Amazon account on Friday. Once Phobia and another hacker gained access to Honan’s Amazon account, they were able to view the last four digits of a credit card linked to the account.
The hackers then used those four digits to trick Apple customer service into thinking it was dealing with Honan. Apple customer service then gave the hackers a temporary password into Honan’s Apple ID, which the hackers used to wipe his iPhone, iPad and MacBook, and gain access to a number of email accounts as well as his Twitter account.
Both Apple and Amazon have shut down call-in access to their accounts, hopefully discouraging others from trying the same scheme.