How a Hacker Gained Access to a Reporter's iCloud Account
Wired reporter Mat Honan details the exact process by which hackers had gained control of his iCloud account. The hijacked iCloud account resulted in a remote-wipe of his iPhone, iPad and MacBook Air, as well as further intrusions into his Gmail and Twitter accounts.
As previously reported, the hackers were able to convince Apple Support to provide them with a temporary password to access Honan's account. Honan details exactly how this was performed.
Apparently, Apple Support only requires an iCloud user's billing address and last-four digits of the credit card on file in order to issue a temporary password. That temporary password grants full access to the user's iCloud account. Apple spokesperson Natalie Kerris issued this statement which claims that internal policies were not followed completely in Honan's case, but failed to specify exactly how:
“Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”
Wired was able to confirm the reported policy themselves by successfully gaining access to another account using only those two pieces of information: a billing address and last-four digits of the credit card number.
As noted by Honan, a target's billing address is generally easy to determine by looking up a domain registration or by public white pages databases. As for discovering the last-four digits of Honan's credit card, Honan's hacker used a loophole in Amazon's security systems which don't protect the last-four digits of their user's credit card information. The hack requires a two-step phone call to Amazon. In the first call, Amazon allows you to add a second credit card to the account by simply offering the account's billing address, name and email address. Then, a second call allows you to add a second email address by verifying the previously added credit card. This second email address then has access to the account information including the last four digits of the original credit card.
Honan's intrusion seemed to be a result of a targeted effort to infiltrate his Twitter account, and a number of items had to line up just right for the hackers to gain access. The situation does reveal that the differing security processes between different providers could open up unwanted opportunities. It also seems to show that at present, a specific user's iCloud account access can be gained with those two pieces of only semi-private information.
Honan's full story about the sequence of events is an interesting read.
Popular Stories
Apple hasn't updated the Apple TV 4K since 2022, and 2025 was supposed to be the year that we got a refresh. There were rumors suggesting Apple would release the new Apple TV before the end of 2025, but it looks like that's not going to happen now.
Subscribe to the MacRumors YouTube channel for more videos.
Bloomberg's Mark Gurman said several times across 2024 and 2025 that Apple would...
You'd think things would be slowing down heading into the holidays, but this week saw a whirlwind of Apple leaks and rumors while Apple started its next cycle of betas following last week's release of iOS 26.2 and related updates.
This week also saw the release of a new Apple Music integration with ChatGPT, so read on below for all the details on this week's biggest stories!
Top Stories
i...
The European Commission today praised the interoperability changes that Apple is introducing in iOS 26.3, once again crediting the Digital Markets Act (DMA) with bringing "new opportunities" to European users and developers.
The Digital Markets Act requires Apple to provide third-party accessories with the same capabilities and access to device features that Apple's own products get. In iOS...
Earlier this month, Apple released iOS 26.2, following more than a month of beta testing. It is a big update, with many new features and changes for iPhones.
iOS 26.2 adds a Liquid Glass slider for the Lock Screen's clock, offline lyrics in Apple Music, and more. Below, we have highlighted a total of eight new features.
Liquid Glass Slider on Lock Screen
A new slider in the Lock...
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another nine months, there are already plenty of rumors about the devices.
Below, we have recapped 12 features rumored for the iPhone 18 Pro models.
The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras
Under-screen Face ID
Front camera in...
Next year's iPhone 18 Pro and iPhone 18 Pro Max will be equipped with under-screen Face ID, and the front camera will be moved to the top-left corner of the screen, according to a new report from The Information's Wayne Ma and Qianer Liu.
As a result of these changes, the report said the iPhone 18 Pro models will not have a pill-shaped Dynamic Island cutout at the top of the screen....
Apple is significantly increasing its reliance on Samsung for iPhone memory as component prices surge, according to The Korea Economic Daily.
Apple is said to be expanding the share of iPhone memory it sources from Samsung due to rapidly rising memory prices. The shift is expected to result in Samsung supplying roughly 60% to 70% of the low-power DRAM used in the iPhone 17, compared with a...
Apple's first foldable iPhone, rumored for release next year, may turn out to be smaller than most people imagine, if a recent report is anything to go by. According to The Information, the outer display on the book-style device will measure just 5.3 inches – that's smaller than the 5.4-inch screen on the iPhone mini, a line Apple discontinued in 2022 due to poor sales. The report has led ...
