Hackers Dupe Apple Support To Crack Gizmodo Twitter Account

Tech website Gizmodo had its Twitter account hacked last week and it has since emerged that cyber crooks were able to get hold of the relevant password by tricking Apple employees.

Former Gizmodo employee Mat Honan had his digital life all but erased after his iCloud account was compromised and used to remote wipe all of his devices, including an iPhone, iPad and a MacBook Air.

By using information from Honan’s iCloud account, the attackers were able to guess at passwords for other services, including his Google and Twitter accounts. As his Twitter account was linked to that of Gizmodo, the hacker was able to compromise it and tweet offensive comments.

Not so supportive?

Honan subsequently spoke to both Apple support and the hacker, who verified that the hacker had used “clever social engineering” to get around security questions. He said he is now coordinating with Apple and hoping procedural changes will take place at the company.

“Via AppleCare, I was able to confirm the hacker’s account of how he got access to my account. I have an email in to Tim Cook and Apple PR, and want to give them a chance to respond (and make changes). I want to give the company a little more time to look at its internal processes, but should be as simple as a policy change,” he said in a blog post.

“So far, I haven’t received any acknowledgement from Apple corporate. I did, however, get an urgent call from AppleCare ten minutes after emailing Mr. Cook, informing me that my situation had been escalated and there is now only one person at Apple who can make changes to my account. So I gather corporate is aware of what happened and looking into how to most effectively respond to make sure this doesn’t happen again.”

One of Honan’s biggest mistakes was not backing up the data on his devices. He remains unsure whether the information will be recovered, but was hopeful as the wipe stopped before it started overwriting the data.

“Apple tells me that the remote wipe is likely irrecoverable without serious forensics. Because I’m a jerk who doesn’t back up data, I’ve lost more than a year’s worth of photos, emails, documents, and more,” he said.

Account theft remains a serious problem on the Web. Last week, Dropbox revealed a number of customer accounts and one employee account had been hacked to spread spam. However, it said the accounts were compromised using login details stolen from elsewhere.

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
