A variety of media outlets originally reported that the iCloud account of Wired writer (and formerly Gizmodo writer) Mat Honan was hacked ‘hard’. In his Tumblr post, he claimed that hackers compromised his iCloud account, reset his iCloud and Gmail passwords, gained control of his Twitter account and wreaked mayhem.
Honan’s iCloud account was tied to his iPhone and iPad, which both had Find my iPhone/iPad turned on. In the attackers’ hands, the FMI utility was turned against Honan and both devices were remotely wiped. His MacBook Air had Find My Mac enabled, which meant the hackers could erase his SSD – and they did.
Honan was targeted by a hacker group that had previously gone after high-profile Twitter users. iCloud users have been warned to keep their passwords secure or recently changed.
The hack was carried out on Friday in the US by a group called Clan Vv3, and became public in the form of offensive tweets sent out first through Honan’s account, then Gizmodo’s.
Honan recounts the events in his blog post:
At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years. My guess is they used brute force to get the password, and then reset it to do the damage to my devices.
The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.
At 5:00 PM, they remote wiped my iPhone.
At 5:01 PM, they remote wiped my iPad.
At 5:05, they remote wiped my MacBook Air.
A few minutes after that, they took over my Twitter. Because, a long time ago, I had linked my Twitter to Gizmodo’s, they were then able to gain entry to that, as well.
Game over. Honan had no other backups, and along with his Twitter and Gmail accounts, all of the photos, documents and emails that he had stored on his devices seem to be irretrievable.
However, as it turned out, the hack wasn’t a brute force attack, as Honan first suspected.
An update to his blog post said:
I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my MacBook and is trying to recover the data.
That means someone over at Clan Vv3 probably impersonated an Apple tech support person to finagle the password.
Honan has promised that the full story will be published on Wired tonight. In the meantime, we urge you to both check your password (because it never hurts), and make sure all your information is backed up. In more than one place.