Apple says it's looking into how users can reset their passwords to protect their data, following a hack exploiting a loophole in its customer tech support.
Wired journalist Mat Honan's iCloud was hacked last week, allowing the bad guys to remote wipe his MacBook Air, iPhone and iPad within minutes. They also accessed his Google account.
Honan says the hacker was able to get in via Apple tech support. And now Apple has responded.
"Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password," an Apple spokesperson told Wired.
Article continues below
"In this particular case, the customer's data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers' data is protected."
Little info needed
Honan wrote a lengthy piece detailing how the hacker was able to pull it off. And he found you don't need that much info in order to decimate someone's digital storage.
"And so, with my name, address, and the last four digits of my credit card number in hand, Phobia [the hacker] called AppleCare, and my digital life was laid waste," he wrote.
Wired used the same technique to hack into someone's iCloud account again yesterday, showing that this particular loophole is still wide open. Which is a little worrying to say the least. Let's hope Apple sorts this out soon.