iCloud Hacked Article

Discussion in 'Apple' started by Fred Moore, Aug 6, 2012.

  1. Fred Moore

    Fred Moore Guest

    Thought folks here would be interested in this article I saw on
    Macintouch:

    Yes, I was hacked. Hard.
    <http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard>

    At 4:50 PM, someone got into my iCloud account, reset the password and
    sent the confirmation message about the reset to the trash. My password
    was a 7 digit alphanumeric that I didn¹t use elsewhere. When I set it
    up, years and years ago, that seemed pretty secure at the time. But it¹s
    not. Especially given that I've been using it for, well, years and
    years. My [guess is they used brute force to get the password]<-[this
    bit negated in the original] (see update) and then reset it to do the
    damage to my devices.

    The backup email address on my Gmail account is that same .mac email
    address. At 4:52 PM, they sent a Gmail password recovery email to the
    ..mac account. Two minutes later, an email arrived notifying me that my
    Google Account password had changed.

    At 5:00 PM, they remote wiped my iPhone
    At 5:01 PM, they remote wiped my iPad
    At 5:05, they remote wiped my MacBook Air.
    A few minutes after that, they took over my Twitter.
    [...]
    Update Three: I know how it was done now. Confirmed with both the hacker
    and Apple. It wasn¹t password related. They got in via Apple tech
    support and some clever social engineering that let them bypass security
    questions. [...]
     
    Fred Moore, Aug 6, 2012
    #1
    1. Advertising

  2. Fred Moore

    Lewis Guest

    In message <-september.org>
    Fred Moore <> wrote:
    > Thought folks here would be interested in this article I saw on
    > Macintouch:


    > Yes, I was hacked. Hard.
    > <http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard>


    *HE* was hacked. iCoud was not hacked.

    > Update Three: I know how it was done now. Confirmed with both the hacker
    > and Apple. It wasn¹t password related. They got in via Apple tech
    > support and some clever social engineering that let them bypass security
    > questions. [...]


    That is worrisome.

    --
    I SAW NOTHING UNUSUAL IN THE TEACHER'S LOUNGE Bart chalkboard Ep. 8F17
     
    Lewis, Aug 6, 2012
    #2
    1. Advertising

  3. Fred Moore

    JF Mezei Guest

    >> Yes, I was hacked. Hard.
    >> <http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard>



    I can understand the iPhone being wiped since there is a "wipe the
    iPhone" function on iCloud.

    But how can a laptop be wiped ? Is there also a "wipe my laptop"
    function on iCloud ? If not, what exactly is being deleted from the laptop ?

    Are we just talking about a sync for iTunes and iPhoto and iCal and
    Contacts ? (which make the laptop's libraries match the empty libraries
    on iCloud). ?


    If you suspect wrong doing, I guess the first thing would be to turn off
    wi-fi at your router before opening the laptop, and then disabling that
    iCloud thingy on the laptop.


    Reading the article, I kept thiniing "just take your SIM out and ut it
    in another phone". But then the writer admitted being with that old CDAM
    stuff (Sprint).

    Anyone know if an iPhone wipe has the power/auhority to muck with the
    SIM card ? I guess it can erase contacts stored on SIM. But for the
    rest, I am not sure it can really disable the SIM card.
     
    JF Mezei, Aug 7, 2012
    #3
  4. Fred Moore

    JF Mezei Guest

    More info now available in a Wired article:

    http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/

    ##
    The very four digits that Amazon considers unimportant enough to display
    in the clear on the Web are precisely the same ones that Apple considers
    secure enough to perform identity verification.?
    ##

    (talking about credit card numbers)
     
    JF Mezei, Aug 7, 2012
    #4
  5. Fred Moore

    David Empson Guest

    JF Mezei <> wrote:

    > >> Yes, I was hacked. Hard.
    > >> <http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard>

    >
    >
    > I can understand the iPhone being wiped since there is a "wipe the
    > iPhone" function on iCloud.
    >
    > But how can a laptop be wiped ? Is there also a "wipe my laptop"
    > function on iCloud ? If not, what exactly is being deleted from the laptop ?


    There is a "Find My Mac" feature. I have it turned off. If I go to
    enable it there is a warning sheet which says "Find My Mac is part of
    iCloud and helps you locate, lock or erase a lost Mac".

    I haven't experimented with it to see the full details, but based on how
    it works for the iPhone I expect that the "Erase" will do either of two
    things:

    (a) If the volume is encrypted with FileVault 2, it will destroy the
    master key, immediately losing access to all data on the volume.

    (b) If the volume is not encrypted with FileVault 2, it will have to
    erase individual files or block erase the volume. It probably tries to
    delete everything, but perhaps starts with files in the home folders.

    Based on the description in the article, it sounds like it was deleting
    files.

    I'd have expected a restart to the recovery partition so that all files
    or the volume could be erased without having some locked due to being in
    use.

    > Are we just talking about a sync for iTunes and iPhoto and iCal and
    > Contacts ? (which make the laptop's libraries match the empty libraries
    > on iCloud). ?


    No. The wording implies the Mac is erased.

    > If you suspect wrong doing, I guess the first thing would be to turn off
    > wi-fi at your router before opening the laptop, and then disabling that
    > iCloud thingy on the laptop.


    Just turn off Find My Mac if you are concerned about losing the contents
    of your Mac due to a similar hack.

    > Reading the article, I kept thiniing "just take your SIM out and ut it
    > in another phone". But then the writer admitted being with that old CDAM
    > stuff (Sprint).
    >
    > Anyone know if an iPhone wipe has the power/auhority to muck with the
    > SIM card ? I guess it can erase contacts stored on SIM. But for the
    > rest, I am not sure it can really disable the SIM card.


    An iPhone with no SIM connected to a WiFi network that has Internet
    access could be remotely erased via Find My iPhone. The SIM card and
    cellular connectivity just makes it far easier as it is more likely to
    have Internet access.

    --
    David Empson
     
    David Empson, Aug 7, 2012
    #5
  6. Fred Moore

    Wes Groleau Guest

    On 08-06-2012 17:46, Fred Moore wrote:
    > Thought folks here would be interested in this article I saw on
    > Macintouch:
    >
    > Yes, I was hacked. Hard.
    > <http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard>


    And people laughed at me when I said I didn't want my life in iCloud.

    --
    Wes Groleau

    “Two things are infinite, the universe and human stupidity.
    But I'm not so sure about the universe.â€
    — Albert Einstein
     
    Wes Groleau, Aug 7, 2012
    #6
  7. Fred Moore

    Justin Guest

    On 8/6/12 5:46 PM, Fred Moore wrote:
    > Thought folks here would be interested in this article I saw on
    > Macintouch:
    >
    > Yes, I was hacked. Hard.
    > <http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard>


    Even Apple can't defend against lousy passwords.
     
    Justin, Aug 7, 2012
    #7
  8. Fred Moore

    nospam Guest

    In article <jvq5co$6tm$>, Justin
    <> wrote:

    > > Thought folks here would be interested in this article I saw on
    > > Macintouch:
    > >
    > > Yes, I was hacked. Hard.
    > > <http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard>

    >
    > Even Apple can't defend against lousy passwords.


    it wasn't a lousy password. in fact, his password made no difference
    whatsoever.

    apple *gave* the hacker a new, temporary password.

    apple and amazon (where he got enough info to fool apple) are entirely
    to blame for really shitty security.

    read more here:
    <http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/a
    ll/1>
     
    nospam, Aug 7, 2012
    #8
  9. Fred Moore

    Lewis Guest

    In message <jvq1jh$pga$>
    Wes Groleau <> wrote:
    > On 08-06-2012 17:46, Fred Moore wrote:
    >> Thought folks here would be interested in this article I saw on
    >> Macintouch:
    >>
    >> Yes, I was hacked. Hard.
    >> <http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard>


    > And people laughed at me when I said I didn't want my life in iCloud.


    Well, there are several things he did wrong.

    #1 was using his Apple ID email for anything else.

    I have unique emails for Amazon, Apple ID, Yahoo, Google, Ebay, Paypal,
    World of Warcraft, buy.com, DropBox, woot, and just about any other
    online service. Not only are they unique, but they are spread out over
    several domains. While someone getting into one of my accounts would be
    able to cause some damage, they would not be able to rampage through all
    my services.

    #2 was using the same address for his domain registration as his credit
    card billing address. Rent a PO Box or something if you don't have an
    office. You don't want anyone looking you up having your home address
    *anyway*.

    #3 was not running Time Machine

    #4 was not having a completely separate off-line and/or off-site backup of
    the files he considered most important (like his photos).

    There are issues that have been exposed that are problematic, such as
    Apple accepting simply a billing address and last 4 of credit card to
    give anyone access. There are security questions for a reason, they
    should be using them.

    Amazon's security hole is even worse, to my mind, in allowing you to add
    an unverified credit card to an account and then using it to unlock the
    account.

    --
    He was Igor, son of Igor, nephew of several Igors, brother of Igors and
    cousin of more Igors than he could remember without checking up in his
    diary. Igors did not change a winning formula. {Footnote: Especially if
    it was green, and bubbled.}
     
    Lewis, Aug 7, 2012
    #9
  10. Fred Moore

    Lewis Guest

    In message <jvq5co$6tm$>
    Justin <> wrote:
    > On 8/6/12 5:46 PM, Fred Moore wrote:
    >> Thought folks here would be interested in this article I saw on
    >> Macintouch:
    >>
    >> Yes, I was hacked. Hard.
    >> <http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard>


    > Even Apple can't defend against lousy passwords.


    Please go read the link. His Apple password was not *hacked*, Apple reset it.


    --
    Suddenly the animals look shiny and new
     
    Lewis, Aug 7, 2012
    #10
  11. In article <502065a9$0$1249$c3e8da3$>,
    JF Mezei <> wrote:

    > More info now available in a Wired article:
    >
    > http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
    >
    > ##
    > The very four digits that Amazon considers unimportant enough to display
    > in the clear on the Web are precisely the same ones that Apple considers
    > secure enough to perform identity verification.?
    > ##
    >
    > (talking about credit card numbers)


    That's pretty amazing. Amazon is conforming to industry common practice:
    it's quite standard for receipts to include the last 4 digits of the
    credit card used, so that the customer has a reminder of which CC they
    used. Apple is clearly wrong in using this part of the CC# in their
    authentication process, they should at least ask for the entire CC#.

    But this whole debacle mostly highlights how difficult it is to do
    reliable identity verification over the phone. Companies could be more
    stringent, but it will be a big inconvenience for the 99% of callers who
    really are who they say they are.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
     
    Barry Margolin, Aug 7, 2012
    #11
  12. In article <>,
    Lewis <> wrote:

    > Amazon's security hole is even worse, to my mind, in allowing you to add
    > an unverified credit card to an account and then using it to unlock the
    > account.


    Yeah, that was pretty funny. It suggests something like this could work:

    Caller: I need to change my account password.
    Amazon: OK, what would you like to change it to?
    Caller: Make it "YourPwned"
    Amazon: Done.
    Caller: Now I'd like to buy something, and bill it to my registered
    credit card.
    Amazon: Sure, what's your password?

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
     
    Barry Margolin, Aug 7, 2012
    #12
  13. Fred Moore

    nospam Guest

    In article <>, Lewis
    <> wrote:

    > >> Thought folks here would be interested in this article I saw on
    > >> Macintouch:
    > >>
    > >> Yes, I was hacked. Hard.
    > >> <http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard>

    >
    > > And people laughed at me when I said I didn't want my life in iCloud.

    >
    > Well, there are several things he did wrong.


    blame the victim, i see. he actually did very little wrong.

    apple willingly gave a temporary password to someone posing as him,
    using easily obtained information. that's *really* *bad*.

    however, had he not had everything linked together, the damage would
    have been quite a bit less.

    it was unfortunate he didn't have a backup of his macbook, but that
    would only have let him recover data, not prevent the hack from
    occurring.

    > #1 was using his Apple ID email for anything else.


    nonsense. most people use their normal email address. there is no
    warning to use a special email address. more importantly, it would not
    have prevented the hack.

    it's unfortunate that apple ids are email addresses though, since it
    makes it exceedingly difficult to change them.

    > #2 was using the same address for his domain registration as his credit
    > card billing address. Rent a PO Box or something if you don't have an
    > office. You don't want anyone looking you up having your home address
    > *anyway*.


    that would not have prevented the hack. his address could be obtained
    in other ways.

    > #3 was not running Time Machine


    that would not have prevented the hack. it would only have helped him
    recover lost data. that's all.

    > #4 was not having a completely separate off-line and/or off-site backup of
    > the files he considered most important (like his photos).


    that would not have prevented the hack. it would only have helped him
    recover lost data. that's all.

    > There are issues that have been exposed that are problematic, such as
    > Apple accepting simply a billing address and last 4 of credit card to
    > give anyone access. There are security questions for a reason, they
    > should be using them.
    >
    > Amazon's security hole is even worse, to my mind, in allowing you to add
    > an unverified credit card to an account and then using it to unlock the
    > account.


    both of those are the problem. apple and amazon have shitty security.
     
    nospam, Aug 7, 2012
    #13
  14. Fred Moore

    nospam Guest

    In article <-september.org>,
    Barry Margolin <> wrote:

    > That's pretty amazing. Amazon is conforming to industry common practice:
    > it's quite standard for receipts to include the last 4 digits of the
    > credit card used, so that the customer has a reminder of which CC they
    > used. Apple is clearly wrong in using this part of the CC# in their
    > authentication process, they should at least ask for the entire CC#.


    the hacker couldn't answer the security questions. the call should have
    ended at that point. it was obvious he was not who he said he was.
     
    nospam, Aug 7, 2012
    #14
  15. Fred Moore

    Lewis Guest

    In message <070820120126061213%>
    nospam <> wrote:
    > In article <>, Lewis
    > <> wrote:


    >> >> Thought folks here would be interested in this article I saw on
    >> >> Macintouch:
    >> >>
    >> >> Yes, I was hacked. Hard.
    >> >> <http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard>

    >>
    >> > And people laughed at me when I said I didn't want my life in iCloud.

    >>
    >> Well, there are several things he did wrong.


    > blame the victim, i see. he actually did very little wrong.


    He did many things wrong. SOme are understandable, others are not.

    > apple willingly gave a temporary password to someone posing as him,
    > using easily obtained information. that's *really* *bad*.


    Yes, I said that.

    > however, had he not had everything linked together, the damage would
    > have been quite a bit less.


    I said that too.

    > it was unfortunate he didn't have a backup of his macbook, but that
    > would only have let him recover data, not prevent the hack from
    > occurring.


    Right. "Only" having the first year of baby pictures of his daughter and
    "only" having last pictures of family that had died. The lack of backups
    is *entirely* on his shoulders and I have trouble having any sympathy
    for that.

    >> #1 was using his Apple ID email for anything else.


    > nonsense. most people use their normal email address. there is no
    > warning to use a special email address. more importantly, it would not
    > have prevented the hack.


    There's *plenty* of warnings, and yes it would have. Re-read. The hack
    started with them seeing that he had an Apple ID linked to his Amazon
    account. They were able to get the last 4 digits from getting into
    Amazon, that and the domain info gave them access to his APple ID, and
    that got them "the keys to the kingdom."

    >> #2 was using the same address for his domain registration as his credit
    >> card billing address. Rent a PO Box or something if you don't have an
    >> office. You don't want anyone looking you up having your home address
    >> *anyway*.


    > that would not have prevented the hack. his address could be obtained
    > in other ways.


    Maybe. Maybe not. That is certainly one of the easiest ways, and is the
    method that was used.

    >> #3 was not running Time Machine


    > that would not have prevented the hack. it would only have helped him
    > recover lost data. that's all.


    Yeah, that's "all". That's a pretty big fucking *all*.

    >> #4 was not having a completely separate off-line and/or off-site backup of
    >> the files he considered most important (like his photos).


    > that would not have prevented the hack. it would only have helped him
    > recover lost data. that's all.


    Ibid.

    --
    The older you get the more you need the people you knew when you were
    young.
     
    Lewis, Aug 7, 2012
    #15
  16. Fred Moore

    Lewis Guest

    In message <070820120126081347%>
    nospam <> wrote:
    > In article <-september.org>,
    > Barry Margolin <> wrote:


    >> That's pretty amazing. Amazon is conforming to industry common practice:
    >> it's quite standard for receipts to include the last 4 digits of the
    >> credit card used, so that the customer has a reminder of which CC they
    >> used. Apple is clearly wrong in using this part of the CC# in their
    >> authentication process, they should at least ask for the entire CC#.


    > the hacker couldn't answer the security questions. the call should have
    > ended at that point. it was obvious he was not who he said he was.


    Exactly. Although I am sure there are plenty of legitimate callers who
    also can't, but in that case, Apple should fallback to other methods.
    Like, say, a iMessage to your iPhone. Or, failing that, a mailed letter
    to your address with a reset code.

    Using billing address and last for of CC is not acceptable.

    --
    Oh! I thought they smelled bad on the *outside*!
     
    Lewis, Aug 7, 2012
    #16
  17. Fred Moore

    nospam Guest

    In article <>, Lewis
    <> wrote:

    > >> Well, there are several things he did wrong.

    >
    > > blame the victim, i see. he actually did very little wrong.

    >
    > He did many things wrong. SOme are understandable, others are not.


    very little of what he did would have prevented it from happening. he
    could have reduced the damage though.

    the problem is how easy it is to hack an apple id.

    > > apple willingly gave a temporary password to someone posing as him,
    > > using easily obtained information. that's *really* *bad*.

    >
    > Yes, I said that.


    *that* is the entire problem.

    > > however, had he not had everything linked together, the damage would
    > > have been quite a bit less.

    >
    > I said that too.


    however, you said even more that was rubbish.

    > > it was unfortunate he didn't have a backup of his macbook, but that
    > > would only have let him recover data, not prevent the hack from
    > > occurring.

    >
    > Right. "Only" having the first year of baby pictures of his daughter and
    > "only" having last pictures of family that had died. The lack of backups
    > is *entirely* on his shoulders and I have trouble having any sympathy
    > for that.


    having a backup would not have prevented the hack from occurring.

    it's still a huge hassle to restore everything (several hours gone) and
    he may still have lost some work, up until the last point at which time
    machine took a snapshot.

    > >> #1 was using his Apple ID email for anything else.

    >
    > > nonsense. most people use their normal email address. there is no
    > > warning to use a special email address. more importantly, it would not
    > > have prevented the hack.

    >
    > There's *plenty* of warnings,


    where does it say on the apple id sign up page to use an email you
    don't normally use????

    > and yes it would have. Re-read. The hack
    > started with them seeing that he had an Apple ID linked to his Amazon
    > account.


    actually it didn't, but when have facts mattered to you.

    it started with twitter, because he had a 3 character twitter name.
    that made him a desirable target.

    from that, they found he used gmail, hit the gmail recovery page and
    found an obscured secondary email address, however, what was obscured
    was easily guessed, which happened to be a .me address. since they knew
    how to hack apple ids, their next step was obtaining the information to
    do just that.

    > They were able to get the last 4 digits from getting into
    > Amazon, that and the domain info gave them access to his APple ID, and
    > that got them "the keys to the kingdom."


    all they needed was the last four digits and an address to gain access
    to the apple id, and that information is not hard to find.

    just about *everyone* you buy something from using a credit card has
    that information, particularly online where they need the address to
    verify the card.

    > >> #2 was using the same address for his domain registration as his credit
    > >> card billing address. Rent a PO Box or something if you don't have an
    > >> office. You don't want anyone looking you up having your home address
    > >> *anyway*.

    >
    > > that would not have prevented the hack. his address could be obtained
    > > in other ways.

    >
    > Maybe. Maybe not. That is certainly one of the easiest ways, and is the
    > method that was used.


    no maybe about it. just about *everyone* you buy something from using a
    credit card has that information.

    > >> #3 was not running Time Machine

    >
    > > that would not have prevented the hack. it would only have helped him
    > > recover lost data. that's all.

    >
    > Yeah, that's "all". That's a pretty big fucking *all*.
    >
    > >> #4 was not having a completely separate off-line and/or off-site backup of
    > >> the files he considered most important (like his photos).

    >
    > > that would not have prevented the hack. it would only have helped him
    > > recover lost data. that's all.

    >
    > Ibid.


    all that would have done is saved his photos and whatever else was on
    it.

    he still would have been hacked. *that* is the problem.
     
    nospam, Aug 7, 2012
    #17
  18. Fred Moore

    nospam Guest

    In article <>, Lewis
    <> wrote:

    > >> That's pretty amazing. Amazon is conforming to industry common practice:
    > >> it's quite standard for receipts to include the last 4 digits of the
    > >> credit card used, so that the customer has a reminder of which CC they
    > >> used. Apple is clearly wrong in using this part of the CC# in their
    > >> authentication process, they should at least ask for the entire CC#.

    >
    > > the hacker couldn't answer the security questions. the call should have
    > > ended at that point. it was obvious he was not who he said he was.

    >
    > Exactly. Although I am sure there are plenty of legitimate callers who
    > also can't,


    tough shit. that's what the security questions are for.

    just look at what they do for file vault:
    <http://km.support.apple.com/library/APPLE/APPLECARE_ALLGEOS/HT4790/HT47
    90_StoreKey----en.png>

    Apple can only decrypt the recovery key using exact answers. If you
    cannot provide these answers, then Apple will be unable to access the
    key. Answer attempts may be restricted.

    no key, no data.

    > but in that case, Apple should fallback to other methods.
    > Like, say, a iMessage to your iPhone.


    what if you don't have an iphone? or if you do, if you don't use
    imessage?

    > Or, failing that, a mailed letter
    > to your address with a reset code.


    that's one possibility.

    > Using billing address and last for of CC is not acceptable.


    true.
     
    nospam, Aug 7, 2012
    #18
  19. Fred Moore

    Lewis Guest

    In message <070820120211536004%>
    nospam <> wrote:
    > In article <>, Lewis
    > <> wrote:


    >> >> Well, there are several things he did wrong.

    >>
    >> > blame the victim, i see. he actually did very little wrong.

    >>
    >> He did many things wrong. SOme are understandable, others are not.


    > very little of what he did would have prevented it from happening. he
    > could have reduced the damage though.


    > the problem is how easy it is to hack an apple id.


    >> > apple willingly gave a temporary password to someone posing as him,
    >> > using easily obtained information. that's *really* *bad*.

    >>
    >> Yes, I said that.


    > *that* is the entire problem.


    Amazon is certainly a big player in the problem, so it's not the entire
    problem, no.

    > it started with twitter, because he had a 3 character twitter name.
    > that made him a desirable target.


    The HACK did not start with twitter, the desire to hack him did.

    > from that, they found he used gmail, hit the gmail recovery page and
    > found an obscured secondary email address, however, what was obscured
    > was easily guessed, which happened to be a .me address. since they knew
    > how to hack apple ids, their next step was obtaining the information to
    > do just that.


    Which they obtained from AMAZON.

    --
    The very existence of flame-throwers proves that some time, somewhere,
    someone said to themselves, You know, I want to set those people over
    there on fire, but I'm just not close enough to get the job done.
     
    Lewis, Aug 7, 2012
    #19
  20. Fred Moore

    nospam Guest

    In article <>, Lewis
    <> wrote:

    > >> > apple willingly gave a temporary password to someone posing as him,
    > >> > using easily obtained information. that's *really* *bad*.
    > >>
    > >> Yes, I said that.

    >
    > > *that* is the entire problem.

    >
    > Amazon is certainly a big player in the problem, so it's not the entire
    > problem, no.


    in this instance yes, but the credit card & address could have been
    obtained from another source. for example,

    <http://money.cnn.com/2012/04/02/technology/global-payments-breach/index.
    htm>
    A data breach at a payments processing firm has potentially
    compromised up to 1.5 million credit and debit card numbers from all
    of the major card brands.

    > > it started with twitter, because he had a 3 character twitter name.
    > > that made him a desirable target.

    >
    > The HACK did not start with twitter, the desire to hack him did.


    actually it did start with twitter, and that was their hacking goal.

    the rest was incidental damage and there was no desire to hack *him* in
    particular. he just happened to have a desirable twitter name.

    > > from that, they found he used gmail, hit the gmail recovery page and
    > > found an obscured secondary email address, however, what was obscured
    > > was easily guessed, which happened to be a .me address. since they knew
    > > how to hack apple ids, their next step was obtaining the information to
    > > do just that.

    >
    > Which they obtained from AMAZON.


    and if he didn't have an amazon account, they could have obtained that
    info elsewhere.
     
    nospam, Aug 7, 2012
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    381
    tomcas
    Jan 10, 2004
  2. OttO Winter
    Replies:
    0
    Views:
    316
    OttO Winter
    Jan 28, 2004
  3. We Live for the One we Die for the One

    Is their any hacked bios's that include locking pci and agp buses ?

    We Live for the One we Die for the One, Jun 13, 2004, in forum: Asus
    Replies:
    2
    Views:
    237
    jones
    Jun 13, 2004
  4. Leadfoot
    Replies:
    2
    Views:
    387
    Leadfoot
    Sep 24, 2005
  5. John Smallberries

    k7d running hacked 2800 XPs

    John Smallberries, Dec 3, 2003, in forum: MSI
    Replies:
    0
    Views:
    341
    John Smallberries
    Dec 3, 2003
Loading...

Share This Page