Apple & Amazon security patched after hack


How secure is your digital presence? How easy would it be for someone to take over your various online accounts and piece together enough information to compromise your eBay, Amazon and PayPal accounts? Not very secure at all, according to recent victim Mat Honan, and all the hackers wanted from him was his Twitter account @Mat.

Surprisingly, it took very little for them to wipe his iPhone, blank his iPad and erase all the data on his MacBook, as well as deleting his Gmail account and, of course, broadcasting racist and homophobic messages from his Twitter account.

It turned out to be very simple, mainly because Amazon and Apple treated different pieces of personal data as the important ones. It also didn't help that his Gmail and Apple me.com addresses used the same prefix (not unusual for many people, but it made the two easy to match), and his physical address was easy to find from his website's domain registration via a Whois lookup.

Once the hackers had spotted his Apple email address on Google's account recovery page they had most of what they needed. Google displayed m••••n@me.com as the backup email address, so the hackers knew to target Apple. All Apple's phone support then asked for was his billing address (from Whois) and the last four digits of his credit card.

The credit card digits turned out to be the easiest part of the lot. The hackers simply phoned Amazon and asked to add a bogus credit card to the account, which only needed the street address and email address, both of which they already had. A little later they rang Amazon back claiming to be locked out of the account, and using the name, billing address and the bogus card number as credentials Amazon allowed them to add a new email address. Reset the Amazon password via the new email address and you can view the stored card details, including the last four digits of the genuine card on the account.

Back to Apple with the genuine card digits, name and address, and the hackers took over the Apple account, remotely wiped the iPhone, iPad and MacBook, and used the me.com address to reset the Gmail password. Reset the Twitter password via Gmail, then wipe the Gmail account too.

The hackers say they did it to highlight security issues. Either way, it's frightening how easily it can be done.

It makes a good case for using a different email address (not just a different domain, but a different part before the @ as well) for your online accounts, and for registering a unique address that you use for nothing else as the backup email on any account that offers one.

It's also worth noting that the information Amazon considered unimportant enough to display in plain text in Mat's Amazon account was the very information Apple considered secure enough to reset a password with. The more accounts you have, the more likely it is that enough information about you is spread around to attack one of them, and once one is compromised the rest tend to follow.
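The chain above is really a trust problem between services: one service reveals a fact that another accepts as proof of identity. As an added example (not code from the original post), the script below models each recovery step described in the article as a rule of "facts required, facts gained" and searches for a takeover path from what an outsider can find in public. The rule set, the fact names and the starting facts are a constructed approximation of the steps in the post; it goes slightly beyond the article by letting you remove a starting fact (the matching email prefix) or add a requirement to a step (a one-time code for Apple's phone reset) to see which changes actually break the chain.

```python
"""Model cross-service account-recovery trust as rules and search for
takeover chains. Constructed example; the rules approximate the steps
the article describes and are not any vendor's real procedure."""

# (service, step, facts required, facts gained). Facts only accumulate,
# so a forward-chaining search over the rules is enough to find a chain.
RULES = [
    ("google", "read masked backup address on account-recovery page",
     {"gmail_address"}, {"masked_backup_email"}),
    ("attacker", "infer Apple ID from masked address and matching prefix",
     {"masked_backup_email", "same_email_prefix", "gmail_address"}, {"apple_id"}),
    ("whois", "look up registrant address for personal domain",
     {"personal_domain"}, {"billing_address"}),
    ("amazon", "phone support: add a new credit card",
     {"victim_name", "billing_address", "gmail_address"}, {"attacker_card_on_file"}),
    ("amazon", "phone support: add a new email address",
     {"victim_name", "billing_address", "attacker_card_on_file"}, {"amazon_control"}),
    ("amazon", "log in and read stored cards",
     {"amazon_control"}, {"real_card_last4"}),
    ("apple", "phone support: temporary password",
     {"apple_id", "billing_address", "real_card_last4"}, {"icloud_control"}),
    ("google", "reset password through backup address",
     {"icloud_control", "gmail_address"}, {"gmail_control"}),
    ("twitter", "reset password through Gmail",
     {"gmail_control"}, {"twitter_control"}),
    ("apple", "remote wipe through Find My iPhone",
     {"icloud_control"}, {"devices_wiped"}),
]

# What an outsider can learn without touching any account (constructed:
# the name and website come from a public profile, the Gmail address from
# the website, and the Gmail/me.com prefixes happen to match).
PUBLIC_FACTS = {"victim_name", "gmail_address", "personal_domain", "same_email_prefix"}


def find_chain(start_facts, goal, rules=RULES):
    """Return the ordered (service, step) pairs that reach `goal` from
    `start_facts`, or None if no rule sequence gets there."""
    known = set(start_facts)
    fired = []  # rules applied, in order
    progress = True
    while goal not in known and progress:
        progress = False
        for rule in rules:
            _, _, needs, gains = rule
            if needs <= known and not gains <= known:
                known |= gains
                fired.append(rule)
                progress = True
    if goal not in known:
        return None
    # Walk backwards and keep only the steps whose output was actually
    # needed, so side branches (e.g. the wipe) drop out of the chain.
    needed = {goal}
    chain = []
    for service, step, needs, gains in reversed(fired):
        if gains & needed:
            chain.append((service, step))
            needed = (needed - gains) | needs
    chain.reverse()
    return chain


def harden(rules, service, step, extra_needs):
    """Copy of `rules` where one recovery step demands additional proof,
    e.g. a code sent to an enrolled device rather than card digits."""
    return [
        (s, a, needs | set(extra_needs), gains) if (s, a) == (service, step)
        else (s, a, needs, gains)
        for s, a, needs, gains in rules
    ]


def main():
    for label, facts, rules in [
        ("as described", PUBLIC_FACTS, RULES),
        ("different email prefixes", PUBLIC_FACTS - {"same_email_prefix"}, RULES),
        ("Apple reset needs a device code", PUBLIC_FACTS,
         harden(RULES, "apple", "phone support: temporary password",
                {"device_one_time_code"})),
    ]:
        chain = find_chain(facts, "twitter_control", rules)
        print(f"{label}: {'NO CHAIN' if chain is None else f'{len(chain)} steps'}")
        for service, step in chain or []:
            print(f"  {service:8s} {step}")


if __name__ == "__main__":
    main()
```

Running it prints the nine-step path from public facts to the Twitter account, then shows that either using a non-matching prefix for the backup address or requiring a device-bound code at Apple's reset step leaves no path at all, which is the practical point of the advice above: break the chain at the step you control.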

Amazon and Apple have since changed their phone-support procedures to close this particular route, but which other companies could be used as a stepping stone into the rest of your online life?

5 Responses

  1. It appears the whole of the internet is built on a stack of cards. Any dummy with a little knowledge and no scruples can ruin your digital life.

  2. Good job in highlighting this Chris.

    I guess you have to take a balanced approach to the risk involved and take appropriate preventative measures.

    Sure it's scary that a hacker can compromise your accounts and wreak havoc across your digital presence. But you could get knocked over by a bus, a car, get mugged, fall down a drain or meet some other horrible demise each time you step out of your front door. Do you stay at home or become OCD? I bet some do, but most people take sensible precautions to avoid falling down drains without it affecting their enjoyment of and participation in the real world.

    I think the same applies to your digital existence. I read this article recently https://www.guardian.co.uk/technology/askjack/2012/aug/09/hacking-internet-email-cloud-computing?newsfeed=true and if you follow all or most of the advice contained within it (which admittedly may take a little effort to implement) then you can carry on enjoying your digital life, knowing that you are as safe as practically possible from the nasty haxors. If you don't then it's the equivalent of walking down a busy street with your wallet hanging from your belt by a piece of cotton. You wouldn't do that, would you? 😀
