# iCloud users, make sure you have a good secure password



## jamest (Apr 8, 2008)

> At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn't use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it's not. Especially given that I've been using it for, well, years and years. My guess is they used brute force to get the password, and then reset it to do the damage to my devices.
> 
> The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.
> 
> ...


http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard

(ignore the comments on the page)


----------



## empsburna (Apr 5, 2006)

...and decent backups.


----------



## james_death (Aug 9, 2010)

Oh Man, so so gutted for you dude.

I know what you mean about backups; we all know to do it but often don't.

Hope you get sorted soon dude.


----------



## GJM (Jul 19, 2009)

Just when I bought some extra storage the other day


----------



## jamest (Apr 8, 2008)

james_death said:


> Oh Man, so so gutted for you dude.
> 
> I know what you mean about backups; we all know to do it but often don't.
> 
> Hope you get sorted soon dude.


Wasn't me personally, don't know who the person is, was just flagged up to me.


----------



## init6 (Mar 28, 2012)

> When I set it up, years and years ago, that seemed pretty secure at the time.


:wall:


----------



## Naddy37 (Oct 27, 2005)

And that's the exact reason I don't, and never will use those sort of back-ups.

I prefer my back-ups where I can see them, ie, physical storage etc, none of this virtual crap.


----------



## CraigQQ (Jan 20, 2011)

That kinda thing would be a huge hassle!!


----------



## PugIain (Jun 28, 2006)

Caned.
I'd rather spend a few quid on an external than use that virtual crap.

Also, judging by the times he said his devices were wiped, he kept them all on AND connected to the net. Why??


----------



## jamest (Apr 8, 2008)

PugIain said:


> Caned.
> I'd rather spend a few quid on an external than use that virtual crap.
> 
> Also, judging by the times he said his devices were wiped, he kept them all on AND connected to the net. Why??


Probably because that is one of Apple's selling points. All your iDevices connected up and linked to share things easily.


----------



## PugIain (Jun 28, 2006)

jamest said:


> Probably because that is one of Apple's selling points. All your iDevices connected up and linked to share things easily.


What do you need to "share"?
I can't remember the last time I connected my phone to my PC. Wirelessly or otherwise, I just don't see why you need such silliness.
Smacks of energy waste and showing off to me!


----------



## Dizzle77 (Mar 27, 2010)

PugIain said:


> What do you need to "share"?
> I can't remember the last time I connected my phone to my PC. Wirelessly or otherwise, I just don't see why you need such silliness.
> Smacks of energy waste and showing off to me!


I didn't realise that syncing things like music and contacts between my phone and laptop was 'silliness'.


----------



## PugIain (Jun 28, 2006)

Dizzle77 said:


> I didn't realise that syncing things like music and contacts between my phone and laptop was 'silliness'.


It is! Why do you need contacts on phones, laptops, iPads?
I've managed to get to 31 years old without having all this crap.
I'm sure some people would curl up and die without all their gadgets.
I've got a phone and an iPod. My phone is for calling and texting, it has a phonebook on it. My iPod is connected to the aux on my car stereo instead of the CD changer.
It has about 20 hours of music on it and never leaves the car.
I don't think it's ever been "synced" in all the years I've had it.
It's reliance on all this "technology" that ends up in tears when it all goes wrong.


----------



## GJM (Jul 19, 2009)

This was probably an internal thing?

I know I have had my PayPal account whacked twice and that was inside jobs....had to be


----------



## Dizzle77 (Mar 27, 2010)

GJM....You're not far off. Just read this......

http://www.macrumors.com/2012/08/05/apple-support-allowed-hacker-access-to-reporters-icloud-account/

*As it turns out, the hacker was able to call Apple support and convince them they were the user........After convincing Apple support that they were Mat Honan, the hacker had Apple Support change Honan's iCloud password which gave them full access. From there, they were able to perform the remote wipes on Honan's devices using Apple's Find My iPhone service which offers remote wipe as a security feature for lost devices.*

I reckon that Apple employee will be in some hot water for this.


----------



## jamest (Apr 8, 2008)

That is very different to an "inside job".

That is social engineering and is becoming a good way to get access to other people's accounts if the companies aren't on the ball when they come through.


----------



## Rob_Quads (Jul 17, 2006)

Dizzle77 said:


> I reckon that Apple employee will be in some hot water for this.


It depends on what the guy used for security; if he set them to things that were easy to work out from his high-profile online nature, then it's not Apple's fault.

Surely when you reset your password they will only send it to an address you have already registered with them?


----------



## Dizzle77 (Mar 27, 2010)

jamest said:


> That is very different to an "inside job".
> 
> That is social engineering and is becoming a good way to get access to other people's accounts if the companies aren't on the ball when they come through.


I wasn't implying it was an 'inside job'. I was just trying to say that by believing that they were talking to the owner of the iCloud account, the Apple staff member had unknowingly allowed this incident to take place.



Rob_Quads said:


> It depends on what the guy used for security; if he set them to things that were easy to work out from his high-profile online nature, then it's not Apple's fault.
> 
> Surely when you reset your password they will only send it to an address you have already registered with them?


Reading the article, am I right to think that the hacker may have already had his Gmail password? Not sure.


----------



## ardandy (Aug 18, 2006)

neilos said:


> And that's the exact reason I don't, and never will use those sort of back-ups.
> 
> I prefer my back-ups where I can see them, ie, physical storage etc, none of this virtual crap.


That's ok until you have a fire or get robbed etc.

Truly important stuff is best done online and offline.


----------



## m1pui (Jul 24, 2009)

ardandy said:


> That's ok until you have a fire or get robbed etc.
> 
> Truly important stuff is best done online and offline.


Truly important is onsite master copy, onsite backup and offsite backup


----------



## jamest (Apr 8, 2008)

Full story can be found here - http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/

Apple "breach" was caused partly by Amazon which gave the hackers enough information to reset the iCloud password.


----------



## Rob_Quads (Jul 17, 2006)

Yup. Sounds like Apple did not follow their procedure combined with Amazon having a loophole to get some of the information.

I can see Apple putting in extra security like asking about apps they have bought or something like that, something that only the actual account user is likely to have, not just account details.


----------



## Dixondmn (Oct 12, 2007)

jamest said:


> That is very different to an "inside job".
> 
> That is social engineering and is becoming a good way to get access to other people's accounts if the companies aren't on the ball when they come through.


Boiler room fraud, it's been going on for years in the financial industry.

One of the first ever internet 'robberies' was committed by a guy calling telephone lines at a bank until he hit a modem. From there he hooked into the network and stole money.



PugIain said:


> It is! Why do you need contacts on phones, laptops, iPads?
> I've managed to get to 31 years old without having all this crap.
> I'm sure some people would curl up and die without all their gadgets.
> I've got a phone and an iPod. My phone is for calling and texting, it has a phonebook on it. My iPod is connected to the aux on my car stereo instead of the CD changer.
> ...


It's true, I sometimes long for days when life was less technical, but it's quite short-sighted to call it 'crap'.

I'm a recent Apple convert and while I don't regularly use my iPod for anything but music, it can be quite useful to send an email if I'm out of reach of my iPhone or iPad.
The same applies when I leave my iPod in the car and can't be bothered to go fetch it: I can hook up to the cloud and pull a specific track onto my iPhone, which docks nicely on my speaker dock.

It may be lazy to some degree, but it promotes resiliency in an Active Active model. Sadly, though, very few methods of resiliency are 100% risk averse; even your hard disk or tape backups are prone to fire, loss, water damage, EMP, dust, light, heat, impact etc etc.


----------



## Junior Bear (Sep 2, 2008)

I regularly set off the mrs phone alarm remotely using the find my iPhone app, I like getting her into trouble at work


----------

