Apple Takes Security Precautions In Light Of Honan Hacking
One of this week’s big tech stories has been the hacking of Wired reporter Mat Honan, who had his digital life “destroyed” by hackers, after they took over his Google account, his Twitter account, and his AppleID.
AppleID allows users to log in to iTunes, iCloud, iChat, Apple’s online store, Apple retail stores and Apple.com support.
He admits that much of his ruination could have been avoided by some precautions he failed to take himself (such as two-step verification on his Google account), but he also pointed a couple of fingers at Amazon and Apple, saying in his highly publicized Wired article:
Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information – a partial credit card number – that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
This isn’t just my problem. Since Friday, Aug. 3, when hackers broke into my accounts, I’ve heard from other users who were compromised in the same way, at least one of whom was targeted by the same group.
Also my source at Apple confirmed issuing password reset based on name, last 4 of CC, address, and AppleID was “absolutely” Apple policy
In a follow-up Wired piece, Honan (along with Nathan Olivarez-Giles) reports that Apple ordered its staff to “immediately stop processing AppleID password changes requested over the phone” for at least 24 hours. The piece also indicates that Amazon has closed a security hole of its own.
Not that this is much of a new revelation, but Honan’s tale has really illustrated just how delicate our online profiles really are, and more specifically, how our various online accounts are connected with one another to a fault.
If all of this can happen to a senior writer at a major tech publication like Wired, what makes you think it can’t happen to you?