Apple and Amazon Security Flaws

Recently, tech journalist Mat Honan was the victim of an ‘epic hack’ as a result of some pretty serious security flaws at Amazon and Apple. First, his Google account was taken over and deleted. Then his Twitter account was compromised, his AppleID account was broken into, and all of the data on his iPhone, iPad and MacBook was remotely erased. Pretty scary stuff.

How was this accomplished? Well, Honan got the details from the hacker in exchange for promising not to press charges. Strong passwords are important but they are not enough; flaws in many customer service systems can allow hackers to reset your password and access your data. Ultimately, all they needed was Honan’s email address, a billing address (which they got from the Whois information for a domain registered under his name) and the last four digits of a credit card on file.

Turns out that all you needed to get into an iCloud account was a billing address and the last four digits of a credit card on file. To get those digits, the hackers called Amazon, told them they were Honan and said they wanted to add a credit card to the account. All that was needed to do this was the name on the account, an associated email address, and the billing address. Amazon then let the caller enter a new credit card number. After doing this, the hackers called back and said they had lost access to the account. By providing the new credit card number and the billing address, they were able to add a new email address to the Amazon account. After this, they went to Amazon’s site and sent a password reset to the new email address, which allowed them to see all of the credit cards on the account (not the entire numbers, just the last four digits).
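Both phone procedures failed in the same way: details that are easy to look up, or that the caller had only just put on file, counted as proof of identity. The following recovery-policy check is an added example, not code from the original post or from Apple's or Amazon's systems; the factor names, the 30-day window and the two-factor threshold are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical policy values, chosen for this example only.
LOW_SECRECY = {"name", "email_address", "billing_address", "card_last4"}
COOLING_OFF = timedelta(days=30)
REQUIRED_STRONG = 2

@dataclass
class Factor:
    kind: str                  # e.g. "card_full_number", "totp_code"
    added_at: datetime         # when the item was put on file
    added_authenticated: bool  # was the customer signed in when it was added?

def rejection_reason(f, now):
    """Return None if the factor may count toward recovery, else the reason."""
    if f.kind in LOW_SECRECY:
        return "discoverable from public records or other services"
    if not f.added_authenticated:
        return "put on file without an authenticated session"
    if now - f.added_at < COOLING_OFF:
        return "added inside the cooling-off window"
    return None

def evaluate_recovery(presented, now):
    """Approve only if enough presented factors survive every check."""
    reasons = {f.kind: rejection_reason(f, now) for f in presented}
    strong = sum(1 for r in reasons.values() if r is None)
    return strong >= REQUIRED_STRONG, reasons

# Constructed sample data replaying the calls described in the post.
NOW = datetime(2024, 1, 1, 12, 0)  # arbitrary reference time
address = Factor("billing_address", NOW - timedelta(days=900), True)
phoned_in_card = Factor("card_full_number", NOW - timedelta(minutes=20), False)
last4 = Factor("card_last4", NOW - timedelta(days=400), True)
old_card = Factor("card_full_number", NOW - timedelta(days=400), True)
totp = Factor("totp_code", NOW - timedelta(days=200), True)

SECOND_AMAZON_CALL = evaluate_recovery([phoned_in_card, address], NOW)
APPLE_CALL = evaluate_recovery([address, last4], NOW)
LEGITIMATE_OWNER = evaluate_recovery([old_card, totp], NOW)

if __name__ == "__main__":
    for name, (ok, why) in [("second Amazon call", SECOND_AMAZON_CALL),
                            ("Apple call", APPLE_CALL),
                            ("legitimate owner", LEGITIMATE_OWNER)]:
        print(name, "->", "approved" if ok else "refused", why)
```

Recording how and when each item was put on file is what lets the check refuse the card that was phoned in minutes earlier, even though the number itself is correct.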

Pretty scary stuff. Apple and Amazon have quietly closed these security flaws, but you can be sure more holes will be discovered. Honan’s main recommendations are:

1. Don’t link together key services (e.g., your iCloud and Google accounts)

2. Don’t use the same email prefix across multiple accounts (e.g., mhonan@gmail.com, mhonan@me.com, mhonan@wired.com)

3. Back up your data. Honan lost photos covering the entire lifespan of his daughter, in addition to documents and emails that were stored in no other location.
