Apple cloud burst: how hacker wiped Mat's 'life'

What Apple should have done

Mat Honan was powerless to prevent the attack on his iCloud account but there are steps organisations could be taking to protect their clients' data, says HackLabs security expert.


What would you do if your entire digital life started evaporating before your eyes and there was virtually nothing you could do about it?

This is the nightmare scenario that greeted US technology journalist Mat Honan, who had all of the contents of his iPhone, iPad and Macbook Air wiped, and lost control of his Gmail and Twitter accounts, all in the span of just over 15 minutes.

"It's been a shitty night" ... Mat Honan has recounted how his web world fell apart.

And the scariest part is that he had a strong, seven-digit alphanumeric password. Apple has confirmed to Honan that its own tech support staff provided the hacker entry into his online world via a bit of clever social engineering.

Several others have reported similar stories of Apple handing access to their accounts over to hackers. Security experts say it is "very concerning" that Apple's staff could be so easily tricked, while even Apple co-founder Steve Wozniak believes the move to cloud computing will create "horrendous" problems in the next five years.

It all snowballed after the hacker gained access to Honan's account on iCloud, an Apple service that allows users to keep all of their files backed up in the online "cloud", to trace stolen Apple devices and even to wipe them remotely if they fall into the wrong hands.

Mat Honan's online passwords were reset by someone who had gained access to his iCloud account.


Cloud computing is becoming increasingly popular as users warm to the idea of accessing all their data from any device. The technology is also attractive to companies, which can store huge amounts of data offsite, with much lower costs and no hardware to maintain.

Once the hacker gained access to Honan's iCloud account, he or she was able to reset his password, before sending the confirmation email to the trash. Since Honan's Gmail is linked to his .mac email address, the hacker was also able to reset his Gmail password by sending a password recovery email to his .mac address.

Minutes later, the hacker used iCloud to wipe Honan's iPhone, iPad and Macbook Air remotely. Since the hacker had access to his email accounts, it was effortless to access Honan's other online accounts such as Twitter.

In a blog post published at the weekend, Honan said he was playing with his daughter when his phone suddenly went dead and rebooted to the set-up screen.

"This was irritating, but I wasn't concerned. I assumed it was a software glitch. And, my phone automatically backs up every night. I just assumed it would be a pain in the ass, and nothing more," Honan wrote.

"I entered my iCloud login to restore, and it wasn't accepted. Again, I was irritated, but not alarmed."

He then fired up his Macbook to try to restore his data from a back-up, but an iCal message popped up saying his Gmail account information was wrong, and then the screen went blank, asking for a four-digit pin.

"By now, I knew something was very, very wrong. I walked to the hallway to grab my iPad from my work bag. It had been reset too. I couldn't turn on my computer, my iPad, or iPhone," Honan wrote.

The hacker eventually deleted Honan's Google account and he was unable to restore it as this required Google sending a text message to his phone, which was now offline.

Honan was previously a writer for gadget blog Gizmodo and still had Gizmodo's Twitter linked to his account. The hacker started tweeting from the Gizmodo account and from Honan's personal account with racist and other offensive remarks.

Apple's tech support could do virtually nothing to help and told Honan that the data on his iOS devices would most likely be gone for good without "serious forensics".

"I've lost more than a year's worth of photos, emails, documents, and more. And, really, who knows what else. It's been a shitty night," Honan concluded.

Honan eventually got his iPhone back online but because he uses Google Voice, and his account was deleted along with his Google account, he couldn't send or receive text messages or make calls. All he could do was wait to see if Google would decide to reinstate his account.

He wrote on Twitter that, even though he used a password management tool called 1Password, this provided no protection as the hacker broke into his account without knowing his passwords.

Honan's blog post went viral on the net, and it wasn't long before staff at Apple, Google and Twitter were on to it. Clearly, being a technology journalist for one of the major tech sites helped him as his Google and Twitter accounts were restored on the weekend. Honan also sent an email to Apple chief executive Tim Cook and, within 10 minutes, received a call from Apple Care.

The hacker also contacted Honan to let him know that they accessed his account "via Apple tech support and some clever social engineering that let them bypass security questions".

Apple has today confirmed to Honan that it was tricked by the hacker and has since assured him that now only one person at Apple can make changes to his account. The company is still trying to restore the data on his MacBook.

Honan is not the only one whose online life has been upended by a hacker who used social engineering tricks on Apple. Chance Graham, a "designer at Apple" according to his Twitter page, tweeted: "Exact same thing happened to me - iCloud was social engineered via support. All accounts compromised. Hacker contacts me. Same m/o?"

The website was recently hacked and in a blog post the site's owners revealed the attackers attempted unsuccessfully to use the same social engineering method to try to access their accounts.

Chris Gatford, of security consultancy HackLabs, said social engineering was always the easiest method to gain unauthorised access and organisations could only defend themselves by having it performed and seeing how employees react.

"This I assume has not happened at Apple specifically the people at Apple Tech support anyhow," said Gatford.

"This is a very concerning situation and I hope Apple look into this and investigate ASAP."

Apple co-founder Steve Wozniak predicted at the weekend that there would be "horrible problems" in the coming years as cloud-based computing takes hold.

"I really worry about everything going to the cloud. I think it's going to be horrendous. I think there are going to be a lot of horrible problems in the next five years," he said.

"With the cloud, you don't own anything. You already signed it away ... a lot of people feel, 'Oh, everything is really on my computer,' but I say the more we transfer everything on to the web, on to the cloud, the less we're going to have control over it."

Ty Miller, CTO at Pure Hacking, said email accounts were considered a "trusted primary contact point" and once your email account is compromised the attacker can easily reset passwords for almost all your other online services. The impact you feel is going to be dependent upon the attacker's intent, he said.

"This can range from destroying your data and a public shaming of the victim for being hacked, through to causing financial losses by causing large Skype bills, or performing complete identity theft where the attacker can take control of your bank accounts and finances," he said.

"To reduce the risk of your online identity becoming compromised, individuals should set very complex answers to password reset security questions, utilise two-factor authentication where possible for online services, and make sure that different passwords are used across all online accounts."

Honan and Apple did not respond to requests for comment.
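
The reset chain described above (iCloud, then Gmail, then Twitter) and Miller's point that e-mail is a "trusted primary contact point" can be audited for your own accounts as a dependency graph. The Python below is an added example, not part of the original article: the account map is constructed (the bank entry is hypothetical), and treating a two-factor account as immune to a recovery e-mail is a simplifying assumption.

```python
from collections import deque

# Constructed sample: each account lists the accounts whose control is
# enough to reset it. Names mirror the article; "bank" is hypothetical.
RECOVERY = {
    "icloud": [],                    # reset through vendor support only
    "gmail": ["icloud"],             # recovery mail goes to the .mac address
    "twitter": ["gmail"],            # password reset mail goes to Gmail
    "gizmodo_twitter": ["twitter"],  # linked to the personal Twitter account
    "bank": ["gmail"],               # hypothetical: reset mail goes to Gmail
}


def blast_radius(recovery, start, second_factor=frozenset()):
    """Return the accounts that fall, in order, once `start` is taken over.

    Accounts in `second_factor` are assumed to need more than a recovery
    e-mail, so they neither fall nor pass the compromise on.
    """
    # Invert the map: upstream account -> accounts it can reset.
    resets = {}
    for account, upstreams in recovery.items():
        for upstream in upstreams:
            resets.setdefault(upstream, []).append(account)

    fallen, queue = [start], deque([start])
    while queue:
        current = queue.popleft()
        for target in sorted(resets.get(current, [])):
            if target in fallen or target in second_factor:
                continue
            fallen.append(target)
            queue.append(target)
    return fallen


def single_points_of_failure(recovery, second_factor=frozenset()):
    """Rank accounts by how many other accounts fall along with them."""
    sizes = {
        account: len(blast_radius(recovery, account, second_factor)) - 1
        for account in recovery
    }
    return sorted(sizes.items(), key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    print("no 2FA:      ", blast_radius(RECOVERY, "icloud"))
    print("2FA on gmail:", blast_radius(RECOVERY, "icloud", {"gmail"}))
    print("ranking:     ", single_points_of_failure(RECOVERY))
```

Replacing the sample map with your own accounts shows which one sits at the root of the chain and where a second factor cuts it.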


  • wow for a "Technology Journalist" he isn't very good at protecting his technology...backup on a hard drive not on the cloud! Noob mistake buddy

    Date and time
    August 06, 2012, 10:10AM
    • Yeah what a noob. Fancy believing in Apple's online storage facility and security would work user again is it?

      I had Apple's cloud wipe all my contacts after I 'upgraded' to iOS5 on my iPhone

      I was a noob too and that was user error

      Date and time
      August 06, 2012, 10:26AM
    • This is why you need to take control and not let someone take control of your life. "Backup backup and BACKUP"... This is also the reason to move away from Apple iPhones as once it is wiped remotely (as is the case in this article) you need to connect to a computer to activate it before you can make calls. If you don't have access to a computer you won't be able to make calls. With other phones at least you can make calls even if the phone contents are wiped.

      Date and time
      August 06, 2012, 10:27AM
    • Frank did you actually read the story? Not only did he set the device to back up to the cloud, but he did local backups as well.

      Date and time
      August 06, 2012, 10:32AM
    • Totally agree. Anyone with experience would back up anything mission critical to a hard drive in your own possession. Then back up a second time to protect against a hard drive failing, then a third time to a drive secured off site in case of theft or a fire. With hard drives costing next to nothing one can have no sympathy for the losses described in this article.

      Date and time
      August 06, 2012, 10:44AM
    • @cian
      I'm not sure where you read that? I can't see any specific mention of local backups - I can see a quote "I've lost more than a year's worth of photos, emails, documents, and more. And, really, who knows what else. It's been a shitty night" which suggests he doesn't have an up to date local backup....

      interested observer
      Date and time
      August 06, 2012, 10:48AM
    • I call into doubt his real IT ability... using Apple over Samsung is fail 101.

      Date and time
      August 06, 2012, 10:51AM
    • ""I've lost more than a year's worth of photos, emails, documents, and more. And, really, who knows what else. It's been a shitty night," Honan concluded."

      He didn't have any recent local backups otherwise he wouldn't have lost more than a year's worth of information. A remote wipe of a device wouldn't wipe out its backups as well.

      You can confirm the details here -

      "Because I’m a jerk who doesn’t back up data, I’ve lost at more than a year’s worth of photos, emails, documents, and more. And, really, who knows what else."

      Date and time
      August 06, 2012, 10:52AM
    • @Cian: Have YOU read the article? Here's one quote "I've lost more than a year's worth of photos, emails, documents, and more. And, really, who knows what else" (not exactly something that happens when one backs up one's data) and not one mention I could find of him backing this data up offline.

      Date and time
      August 06, 2012, 11:09AM
    • It appears that he lost his backed up external HD as well? I use iCloud for the home and I guess it goes online as well. I'm not familiar with it yet. This sort of problem could happen with other non-Apple iCloud systems too is my guess. Last year somehow stuffed up and was unable to reboot in any way. I couldn't even reboot from my ext. HD. Apple supplied my local Apple technician with some special password which opened it up again. Whew. But as far as losing stuff from the ext. HD that is worrisome. I only physically plug it in when I back up and then unplug when finished and I'm not online either. If something goes awry, then all the old passwords are still on the ext. HD plus everything else.
      Earlier this year my wife had her iPhone pick pocketed in LaPaz. When I said I'd find it on "find my phone" from my iPad. She didn't have it installed!!!! I did manage to remotely disable her phone through a Telstra phone call and disable online her email details.
      I think I'll stay away from iCloud online if that is possible.

      Date and time
      August 06, 2012, 11:50AM
