Hackers have used an incredibly simple method to erase the contents of a man’s laptop, smartphone, tablet, and Gmail account. All they needed: three basic pieces of information, including a name, billing address, and an email address.
The victim of this attack: Mat Honan, a writer for Wired Magazine. Last weekend he discovered that someone had infiltrated his iCloud account, where they stole and then erased all of the digital content for his iPhone, iPad, and MacBook computer. He was further stunned to find that the hackers had made their way into both his Gmail and Twitter accounts, where they deleted the former and posted racist and homophobic messages on the latter.
How could this happen?
For the hackers, gaining access to Honan’s entire digital life was easier than you’d think. All they needed was his billing address, email address and name.
Because until recently this was the only information Amazon required in order for someone to call in and request access to one of its accounts.
Once the hackers had made that call, they were able to peruse everything in Honan’s Amazon account. There, they found the last four digits of his credit card. This was enough information for the hackers to call Apple, where they were granted access to Honan’s iCloud account.
Over the next hour they shut Honan out of his devices and proceeded to wipe vital personal information from all of them, in addition to manipulating his Gmail and Twitter accounts.
Understandably, Honan was both devastated by the attack and furious with Apple and Amazon.
“In the space of one hour, my entire digital life was destroyed…What happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s…The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.”
Amazon has since quietly changed its security policy to prevent people from accessing vital account data by calling in with a name, email address and billing information. However, it remains unclear how Apple will respond, or if either of the firms plan to offer Honan compensation.