08-09-12 07:11 AM
29 12
  1. lnichols's Avatar
    I'm still shocked how popular the story got. I read it on Gizmodo they day it a happened. That's why I don't use any cloud service.

    Sent from my DROID RAZR using Tapatalk 2
    If you are using a DROID RAZR, then you are using Google's cloud service that supports Android!
    08-08-12 04:07 PM
  2. texazzpete's Avatar
    Yeah, that's pretty inept.
    Not a systemic problem with Apple, more like a mistake made by a customer rep...
    08-09-12 05:52 AM
  3. ritesh's Avatar
    Not a systemic problem with Apple, more like a mistake made by a customer rep...
    I suppose the customer rep was hired by Apple.

    Putting the blame on customer rep, is like passing the blame on the company that manufactured the server, which caused RIM's outage last year.
    08-09-12 06:01 AM
  4. JasW's Avatar
    The mistake was not that of the Apple customer rep, it it was that of both Amazon and then Apple.

    The hacker found out the Wired editor's billing address through a WHOIS search of his personal domain, and telephoned Amazon to add a new credit card to the editor's account -- something that just required having the Amazon account name, billing address, and email address. They then called Amazon back and said they couldn't get into the account and needed to add a new email address to the profile -- something that only required the Amazon account name, billing address, email address, and, yup, that new credit card info. Bingo, they got into the Amazon account, where they got the last four digits of the editor's actual credit card. Then it was onto Apple, which of course only needed those last 4 digits of the credit card to reset the Apple ID password.

    Of course, both Amazon and Apple have since closed these exploits. The editor was also at fault for linking his Apple ID and Gmail accounts, which allowed the hacker to change the editor's Gmail password, get into his Twitter account (the hacker's end goal), and finally delete his entire Google account -- including ALL of his photos, which he stored only on Picasa. Obviously having two-step verification enabled on Google would have avoided everything post-Apple ID hack.
    xandermac likes this.
    08-09-12 07:11 AM
29 12