Epic hacking - Wired Senior Writer

[Soulchilde]

I'm surprised no one here has posted about this

Its a long read, but the gist of the story two hackers gained access to the writer life by calling Amazon and Apple Customer Service to take over his accounts and they begin to wreak havoc. 


Scary times indeed

[gellar]

I've been meaning to find the time to read this for a while... just haven't had it yet.  Really interesting though.

[leo8877]

Yes very scary.  Looks like Amazon has closed their side of the security hole already and I'm sure Apple will follow.  I feel bad for the guy who lost all the photos of his daughter's first year (iirc).

[raydude]

Yeah, I feel badly for him. But still, not backing up any of his photos? Even if he wasn't hacked there is still the possibility of the laptop getting stolen or the hard drive failing out of the blue. Was he going to wait until his MacBook started acting funny before he backed stuff up?

[hepcat]

Granted, he's partially at fault for not backing up his data, but that's still some scary and heinous crap on the part of the hackers.  

[raydude]

Granted, he's partially at fault for not backing up his data, but that's still some scary and heinous crap on the part of the hackers.  

Oh no doubt. I promptly enabled two-factor authentication after reading it and thanked the lords of kobol that I don't use apple email.

[Crawley]

That type of "hacking" method doesn't seem so new though, at least the Apple portion of how they got the info where they just provided two pieces of additional info outside of the security questions.

I know back in the day when most email accounts were tied to companies like MSN or AOL one method someone might use to get access to an account was just by contacting support. The person would say they are the user, and when they asked the security question(s) just mumble the response. Sometimes the support agents would let slip the correct security response or might accept the mumble response thinking they heard the correct response. Or worse just accept the answer to complete the interaction to meet their response time quota. Basically through persistence of contacting support they could get access to the account.

The part that sucks about this is that by making everything tied together to make things easier to manage it puts you at a huge risk of losing access to everything.