The Pathetic Story of How To Hack a .Mac Account
Wednesday, July 9th, 2008I came across this posting today: Apple just gave out my Apple ID password because somone asked. So with all the hype about how OS X is so great and secure, what happens when the problem is with Apple corporate itself?
Here’s an excerpt from the post:
I tried to log in to Apple Developer Connection this morning to find out that my password had been changed and the email associated with my account was now a yahoo.com address that wasn’t mine. Luckily, my “security question” was still the same, so I was able to reset the password and email address back.
Based on the emails that have appeared in my .Mac mailbox, this was accomplished by sending this classy one-liner to Apple:
am forget my password of mac,did you give me password on new email marko.[redacted]@yahoo.com
So a little crude social engineering to compromise your data. I’ve had and heard issues about Apple’s lack of a privacy policy, data destruction, and how they will handle repairs of their computers. But this is pretty bad.
I was a bit leary when I had to drop of my MacBook for repair and the guy asked me for my password that he proceeded to type into his “genius” computer. I was also concerned about what they would do with the backup they made of my hard drive. While I had no problems, it is apparent that the system is not setup to protect you. I remember dealing with Dell and Gateway, they’d ask you to remove your hard disk before sending in a laptop for repair.
Does anyone else have any Apple stories like this?