Tech Reporter's iCloud Account Hacked Via Social Engineering Apple Tech Support
Mat Honan, a tech reporter (formerly an employee of Gizmodo) had his iCloud account hacked into on Friday, leading to havoc being wrought on both personal and work machines, even affecting the main Gizmodo Twitter feed. A quick investigation discovered that Apple tech support is partially responsible for the security breach.
At first, it was thought to be just a brute force attack (aka try all possible passwords until one matches) to get Honan's quite simple password (a seven-digit alphanumeric password) which Honan has used for years. However, when Honan started to reconfigure his account it seemed to be related to Apple's tech support.
According to AppleInsider.com, once the hacker had the password, he changed the pin on Honan's iOS devices. The hacker then deleted Honan's Google account, which could only be restored with the help of his iPhone, which had now been locked out. And worst of all, his MacBook Air, iPad, and iPhone were been wiped remotely because of Apple's Find My Device feature (intended so if you lose a device, any confidential information is removed). Luckily Honan noticed and powered his MacBook Air down before the over-write started.
Once he got back into his accounts, the hacker and Apple's tech support confirmed the hacker gained access not using brute force, but social engineering on Apple tech support, which allowed the hacker to skip security questions. Apple is also working to recover the data that was on Honan's MacBook that was partially wiped in the attack.