Apple admits fault in iCloud hack situation

Spokesperson admits: We found that our own internal policies were not followed completely

Apple has admitted that its "internal policies were not followed completely" in a case that enabled hackers to access journalist Mat Honan's iCloud account.

Apple spokesperson Natalie Kerris told Macworld: "Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer's data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers' data is protected."

According to Honan's account, the hackers called Apple and gave his name, address and the last four digits of his credit card (which they got from Amazon). Apple technical support reset his iCloud account and issued a temporary password.

Once the hackers had access to Honan's iCloud account, they were able to use Find My iPhone and Find My Mac to remotely wipe his iPhone, iPad and MacBook Air. With access to his Google and Twitter passwords, they were able to delete his Gmail account and not only use his Twitter account but also tweet to Gizmodo's Twitter account.

Apple has not confirmed that it will be making any security changes to iCloud, so the best advice is to ensure you have strong and unique passwords for your different accounts and that you don't use webmail for password recovery.

Coincidentally, the story of the iCloud hack came just as Apple co-founder Steve Wozniak delivered a presentation about his fears for the cloud. He revealed that he thinks the cloud is going to be "horrendous." "With the cloud, you don't own anything. You already signed it away. The more we transfer everything onto the web, onto the cloud, the less we're going to have control over it," he said.
