The Pathetic Story of How To Hack a .Mac Account

Written by Alex

I came across this posting today: Apple just gave out my Apple ID password because someone asked. So with all the hype about how OS X is so great and secure, what happens when the problem is with Apple corporate itself?

Here’s an excerpt from the post:

I tried to log in to Apple Developer Connection this morning to find out that my password had been changed and the email associated with my account was now a yahoo.com address that wasn’t mine. Luckily, my “security question” was still the same, so I was able to reset the password and email address back.

Based on the emails that have appeared in my .Mac mailbox, this was accomplished by sending this classy one-liner to Apple:

am forget my password of mac,did you give me password on new email marko.[redacted]@yahoo.com

So a little crude social engineering to compromise your data. I’ve had and heard issues about Apple’s lack of a privacy policy, data destruction, and how they will handle repairs of their computers. But this is pretty bad.

I was a bit leery when I had to drop off my MacBook for repair and the guy asked me for my password that he proceeded to type into his “genius” computer. I was also concerned about what they would do with the backup they made of my hard drive. While I had no problems, it is apparent that the system is not set up to protect you. I remember dealing with Dell and Gateway; they’d ask you to remove your hard disk before sending in a laptop for repair.

Does anyone else have any Apple stories like this?


3 Responses to “The Pathetic Story of How To Hack a .Mac Account”

  1. Paul Says:

    I have not had that experience, but I do have a .Mac account and the service was down last night and still down this morning, so Apple has a few sad issues to deal with.

  2. Alex Says:

    Yeah, problems all over the news about .Mac/MobileMe going down as well as problems with activations of iPhones… both new and old due to the software update and everyone overloading the system.

  3. Adam Says:

    I’ve had the same complaint. Not just about Apple, but a lot of tech places that deal with my data. I always ask very nicely and casually about their privacy policy and 99% of the time the person on the phone I’m talking to hasn’t ever heard of one.

    I guess individuals need to be careful about what information they give out and how much they trust a company.

    I’m actually incredibly amazed that worked. I tried something similar with two companies I was a customer of where I forgot my password and no longer used the old E-mail address. One told me to create a new account (in which case I lost all the important information from my previous one), and the other guided me through a million security questions before finally resetting my password.

    I’m glad Apple isn’t a bank.

    By the way, not to ask too ignorant a question, but what exactly is on an Apple Developer Connection account that would make someone want to hijack it? (I’ve personally only used it to download things like Xcode and Dashcode.)
