How a Hacker Gained Access to a Reporter's iCloud Account

Wired reporter Mat Honan details the exact process by which hackers gained control of his iCloud account. The hijacked iCloud account resulted in a remote wipe of his iPhone, iPad and MacBook Air, as well as further intrusions into his Gmail and Twitter accounts.

As previously reported, the hackers were able to convince Apple Support to provide them with a temporary password to access Honan's account. Honan details exactly how this was performed.

Apparently, Apple Support only requires an iCloud user's billing address and the last four digits of the credit card on file in order to issue a temporary password. That temporary password grants full access to the user's iCloud account. Apple spokesperson Natalie Kerris issued this statement, which claims that internal policies were not followed completely in Honan's case but does not specify exactly how:

“Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”

Wired was able to confirm the reported policy itself by successfully gaining access to another account using only those two pieces of information: a billing address and the last four digits of the credit card number.

As noted by Honan, a target's billing address is generally easy to determine by looking up a domain registration or by searching public white pages databases. As for discovering the last four digits of Honan's credit card, Honan's hacker used a loophole in Amazon's security systems, which don't protect the last four digits of their users' credit card information. The hack requires a two-step phone call to Amazon. In the first call, Amazon allows you to add a second credit card to the account by simply offering the account's billing address, name and email address. Then, a second call allows you to add a second email address by verifying the previously added credit card. This second email address then has access to the account information, including the last four digits of the original credit card.

Honan's intrusion seemed to be a result of a targeted effort to infiltrate his Twitter account, and a number of items had to line up just right for the hackers to gain access. The situation does reveal that the differing security processes between different providers could open up unwanted opportunities. It also seems to show that at present, a specific user's iCloud account access can be gained with those two pieces of only semi-private information.
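
The chain described above can be written down as a small threat model in which each support procedure is a rule that turns facts a caller already knows into new facts. This is an added example, not code from Wired or MacRumors; the rule names, fact labels and the `non_public_factor` placeholder are assumptions made for illustration.

```python
# Added threat-model sketch; rule names and fact labels are this example's own.
# Facts the article calls easy to look up (domain registration, white pages).
PUBLIC = {"name", "email", "billing_address"}

# Each rule: (support step, facts the step asks the caller for, facts it yields).
RULES_AS_REPORTED = [
    ("amazon_add_card",  {"name", "email", "billing_address"}, {"caller_known_card"}),
    ("amazon_add_email", {"caller_known_card"},                {"amazon_account_view"}),
    ("amazon_view",      {"amazon_account_view"},              {"card_last4"}),
    ("apple_temp_pw",    {"billing_address", "card_last4"},    {"icloud_access"}),
]

def closure(known, rules):
    """Fixed point: keep applying rules whose requirements are already known."""
    known, path = set(known), []
    changed = True
    while changed:
        changed = False
        for name, needs, gives in rules:
            if needs <= known and not gives <= known:
                known |= gives
                path.append(name)
                changed = True
    return known, path

def harden(rules, step, extra_requirement):
    """Copy of rules in which one step also demands an extra, non-public fact."""
    return [(n, (needs | {extra_requirement}) if n == step else needs, gives)
            for n, needs, gives in rules]

def exposed(rules, goal="icloud_access"):
    """True plus the rule sequence if public facts alone reach the goal."""
    known, path = closure(PUBLIC, rules)
    return goal in known, path

if __name__ == "__main__":
    print(exposed(RULES_AS_REPORTED))
    # Hypothetical fix: the reset step stops treating last-four as sufficient.
    print(exposed(harden(RULES_AS_REPORTED, "apple_temp_pw", "non_public_factor")))
    # Hypothetical fix at the other provider: adding a card needs more than public data.
    print(exposed(harden(RULES_AS_REPORTED, "amazon_add_card", "non_public_factor")))
```

Either hardening breaks the chain, which is the practical point: a verification factor is only as private as the weakest provider that displays or accepts it.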

Honan's full story about the sequence of events is an interesting read.


Top Rated Comments

faroZ06
169 months ago
Who cares.. Is it a 'rumor' that someone's iCloud account got hacked or is it a fact? It's a FACT. This site is for RUMORS.

You must be constantly angered by MacRumors then.
Score: 35 Votes
brentsg
169 months ago
This happens with a ton of Xbox Live accounts too. Microsoft doesn't seem to care. Also, since it's Microsoft and not Apple, the media doesn't care either.
Score: 15 Votes
nagromme
169 months ago
Big, scary, simple failures here on the parts of Apple (using the credit card number as ID), Amazon (giving out that number!) and Google (giving out your alternate email address to strangers).

If I had to name 3 companies (that I actually use) which I trust the most to keep things secure, it would have been those 3... before today! (I know Google tracks me, but I’m surprised at this kind of lapse.)

I’m sure I’m not alone today in turning off Find My iPhone/iPad/Mac for the time being. And it’s probably smart to use different credit cards with different services, even if it means more bills to manage monthly. I do already use different (and hard to guess) passwords, and I back up in multiple ways including locally. Very important.

Something NEW is needed to make security usable AND effective for all of us, and this incident shines a light on the problems. What’s scary is, I doubt we'll see the changes (across MANY more companies than these 3) happening fast enough.

P.S. I hope the hackers spend some serious jail time after wiping out the guy’s family photos :mad:
Score: 12 Votes
heov
169 months ago
Solution: apple needs better security. more than last 4 digits of CC and billing address should be required.
Score: 10 Votes
Repo
169 months ago
Who cares.. Is it a 'rumor' that someone's iCloud account got hacked or is it a fact? It's a FACT. This site is for RUMORS.

Really?
Score: 9 Votes
Mengele
169 months ago
A blogger is not a reporter!
Score: 8 Votes