As we learned when our friend Mat Honan got hacked earlier this year, Apple’s customer support line was dangerously susceptible to hackers. With a little coaxing, Apple representatives would hand over a customer account after a hacker offered very little information. Luckily, Apple has closed up this hole, but here’s a terrifying play-by-play of how easy it used to be to steal your life.
In the sidebar of his latest, awesome piece for Wired about how passwords are useless, Honan has published a transcript of a hacker tricking an Apple employee:
Apple: How about this. Give me the name of one of your custom mail folders.
Hacker: “Google” “Gmail” “Apple” I think. I’m a programmer at Google.
Apple: OK, “Apple” is correct. Can I have an alternate email address for you?
Hacker: The alternate email I used when I made the account?
Apple: I will need an email address to send you the password reset.
Hacker: Can you send it to “toe@aol.com”?
Apple: The email has been sent.
Hacker: Thanks!
Before the fix, as long as the hacker was mildly charming and didn’t give up, sooner or later they could gain access to an account — maybe yours — with just the information on a public Facebook profile and some cleverly generic guesses. Be sure to head over to Wired for the rest of this transcript and for Mat Honan’s excellent feature. [Wired]