iCloud: Friend or foe?

Posted on by Mike Evans

iCloud presents a friendly face. We rely on it to manage our devices and keep them in sync. It’s also a wonder when it comes to finding a lost iPhone or Mac. But there is a darker side. If your iCloud ID gets hacked, the consequences can be far from obvious. Mat Honan found this out to his cost during the week.

Mat’s iCloud account was hacked, despite being protected by a seven-digit unique alphanumeric password. The criminal used this access to create havoc, systematically wiping and resetting iPhone, iPad and Mac. Then Mat’s Gmail account was compromised, as was his Twitter account.

All this was bad enough. But the worst was that Mat didn’t have a full backup of all the data. He has lost more than a year’s worth of photos, emails, document and much more.

How, you might wonder, can a seemingly secure password be hacked so easily. It gets us all wondering and worrying. Mat now knows more, because he has had contact from the hacker and found out how it was done:

I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my Macbook and is trying to recover the data. I’m back in all my accounts that I know I was locked out of. Still trying to figure out where else they were.

I hope Apple is undertaking a full investigation of how this could have happened and that fixes can be put in place as soon as possible. iCloud is good; but we must be able to rely on its integrity.

∞ Permalink