Gizmodo writer Mat Honan just passed a hard weekend - a hacker gained access to his iCloud account, wiping his Mac, iPhone and iPad, thanks to Apple’s iCloud and Apple tech support.…
Honan explains how it all went down:
“At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years.
The backup email address on my Gmail account is the same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.
At 5:00 PM, they remote wiped my iPhone. At 5:01 PM, they remote wiped my iPad. At 5:04, they remote wiped my MacBook Air.
A few minutes after that, they took over my Twitter. Because, a long time ago, I had linked my Twitter to Gizmodo’s they were then able to gain entry to that as well.”
And because he didn’t have any backups, Mat says he lost more than a year’s worth of photos, emails, and documents. Ouch. And apple said that none of this is recoverable without serious forensics.
So how did all of this happen? A brute force attack? A key logger? Nope, Apple essentially handed the hackers Mat’s iCloud password.
”Update three: I know how it was done now. Confirmed with both the hacker Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions.”
According the latest support, Apple is now recovering data for him now, but not successful yet. So, back up is important, dude!