Gizmodo Twitter Account Hack Reveals Apple`s Vulnerability to Social Engineering

News of Gizmodo`s Twitter account getting hacked last Friday , as reported by Forbes, was met with concern as to how exactly the attacker did it. With the discovery that former Gizmodo employee Mat Honan`s e-mail and Twitter accounts had been illicitly accessed, came a possible answer. It was initially suspected his passwords were not strong enough.

After strenuous digging, Honan retraced the hacker`s steps and managed to pieve this complicated story together. He gives a full account on his blog Emptyage:

“At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. [“¦]

The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.

At 5:00 PM, they remote wiped my iPhone

At 5:01 PM, they remote wiped my iPad

At 5:05, they remote wiped my MacBook Air.

A few minutes after that, they took over my Twitter. Because, a long time ago, I had linked my Twitter to Gizmodo`s they were then able to gain entry to that as well.”

The research pointed out that Honan was not the one at fault, but Apple`s support. “I know how it was done now. Confirmed with both the hacker and Apple. It wasn`t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions,” reads the third update to his blog post on the incident.

Honan has submitted an inquiry to Apple and is waiting for a response, though he has already been assured that the matter “had been escalated and there is now only one person at Apple who can make changes to [his] account.”