How a Hacker Gained Access to a Reporter's iCloud Account
Wired reporter Mat Honan details the exact process by which hackers had gained control of his iCloud account. The hijacked iCloud account resulted in a remote-wipe of his iPhone, iPad and MacBook Air, as well as further intrusions into his Gmail and Twitter accounts.
As previously reported, the hackers were able to convince Apple Support to provide them with a temporary password to access Honan's account. Honan details exactly how this was performed.
Apparently, Apple Support only requires an iCloud user's billing address and last-four digits of the credit card on file in order to issue a temporary password. That temporary password grants full access to the user's iCloud account. Apple spokesperson Natalie Kerris issued this statement which claims that internal policies were not followed completely in Honan's case, but failed to specify exactly how:
“Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”
Wired was able to confirm the reported policy themselves by successfully gaining access to another account using only those two pieces of information: a billing address and last-four digits of the credit card number.
As noted by Honan, a target's billing address is generally easy to determine by looking up a domain registration or by public white pages databases. As for discovering the last-four digits of Honan's credit card, Honan's hacker used a loophole in Amazon's security systems which don't protect the last-four digits of their user's credit card information. The hack requires a two-step phone call to Amazon. In the first call, Amazon allows you to add a second credit card to the account by simply offering the account's billing address, name and email address. Then, a second call allows you to add a second email address by verifying the previously added credit card. This second email address then has access to the account information including the last four digits of the original credit card.
Honan's intrusion seemed to be a result of a targeted effort to infiltrate his Twitter account, and a number of items had to line up just right for the hackers to gain access. The situation does reveal that the differing security processes between different providers could open up unwanted opportunities. It also seems to show that at present, a specific user's iCloud account access can be gained with those two pieces of only semi-private information.
Honan's full story about the sequence of events is an interesting read.
Popular Stories
Despite being more than two years old, Apple's AirPods Pro 2 still dominate the premium wireless‑earbud space, thanks to a potent mix of top‑tier audio, class‑leading noise cancellation, and Apple's habit of delivering major new features through software updates. With AirPods Pro 3 widely expected to arrive in 2025, prospective buyers now face a familiar dilemma: snap up the proven...
Apple plans to release an all-new super thin iPhone this year, debuting it alongside the iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max. We've seen pictures of dummy models, cases, and renders with the design, but Lewis Hilsenteger of Unbox Therapy today showed off newer dummy models that give us a better idea of just how thin the "iPhone 17 Air" will be.
The iPhone 17 Air is expected to be ...
If you missed the video showing dummy models of Apple's all-new super thin iPhone 17 Air that's expected later this year, Sonny Dickson this morning shared some further images of the device in close alignment with the other dummy models in the iPhone 17 lineup, indicating just how thin it is likely to be in comparison.
The iPhone 17 Air is expected to be around 5.5mm thick – with a thicker ...
A developer has demonstrated Windows 11 ARM running on an M2 iPad Air using emulation, which has become much easier since the EU's Digital Markets Act (DMA) regulations came into effect.
As spotted by Windows Latest, NTDev shared an instance of the emulation on social media and posted a video on YouTube (embedded below) demonstrating it in action. The achievement relies on new EU regulatory...
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices.
Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025:
Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we often get rumored features months ahead of launch. The iPhone 17 series is no different, and we already have a good idea of what to expect from Apple's 2025 smartphone lineup.
If you skipped the iPhone...
Apple seeded the third beta of iOS 18.5 to developers today, and so far the software update includes only a few minor changes.
The changes are in the Mail and Settings apps.
In the Mail app, you can now easily turn off contact photos directly within the app, by tapping on the circle with three dots in the top-right corner.
In the Settings app, AppleCare+ coverage information is more...
While the so-called "iPhone 17 Air" is not expected to launch until September, there are already plenty of rumors about the ultra-thin device.
Overall, the iPhone 17 Air sounds like a mixed bag. While the device is expected to have an impressively thin and light design, rumors indicate it will have some compromises compared to iPhone 17 Pro models, including only a single rear camera, a...
