Apple admits fault in iCloud hack situation
Spokesperson admits:internal policies not followed
TechLife | 08 Aug 2012 :
Apple has admitted that its "internal policies were not followed completely" in a case that enabled hackers to access technology journalist Mat Honan's (pictured) iCloud account.
Apple spokesperson Natalie Kerris told Macworld: "Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer's data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers' data is protected."
Yet another embarrassing cloud service muck-up, although this one had nothing to do with systems per se and more to do with sloppy customer service, publicly available information and human error. Had customer service representatives from Amazon and Apple not been so forthcoming with personal data it's unlikely Honan would have suffered the horror of having his entire digital life erased, albeit temporarily.
Setting up two-step authentication would have saved his Google account but the bulk of the damage done to his Apple devices came direct from the company itself.
The lesson? Back everything up locally, use strong passwords and two step authentication, and pray anyone entrusted with your personal data knows to manage it responsibly.
According to Honan's account, the hackers called Apple, gave his name, address and the last four digits of his credit card (which they got from Amazon). Apple technical support reset his iCloud account and issued a temporary password.
Once the hackers had access to Honan's iCloud account they were able to use Find My iPhone and Find My Mac to remotely wipe his iPhone, iPad and MacBook Air. With access to his Google and Twitter passwords they were able to delete his Gmail account and use, not only his Twitter, but also Tweet to Gizmodo's Twitter account.
Apple has not confirmed that they will be making any security changes to iCloud so the best advice is to ensure you have strong and unique passwords for your different accounts and that you don't use webmail for password recovery.
Coincidentally the story of the iCloud hack came just as Apple co-founder Steve Wozniak delivered a presentation about his fears for the cloud. He revealed that he thinks the cloud is going to be "horrendous." "With the cloud, you don't own anything. You already signed it away. The more we transfer everything onto the web, onto the cloud, the less we're going to have control over it," he said.
IDG News Service