Previously, Amazon allowed people to call in and change the email
address associated with an Amazon account or add a credit card number to
an Amazon account as long as the caller could identify him or herself
by name, email address and mailing address — three bits of personal
information that are easily found online.
The security gap was used by hackers, one of whom identified himself
as a 19-year-old going by the name “Phobia,” to gain access to Honan’s
Amazon account on Friday. Once Phobia and another hacker gained access
to Honan’s Amazon account, they were able to view the last four digits
of a credit card linked to the account.
The hackers then used those four digits to trick Apple customer
service into thinking it was dealing with Honan. Apple customer service
then gave the hackers a temporary password into Honan’s Apple ID, which
the hackers used to wipe his iPhone, iPad and MacBook, and gain access
to a number of email accounts as well as his Twitter account. More on that article here.
(Source)
No comments:
Post a Comment