Do Not Link Accounts through Apple!

[Collector]

Mat Honan of Wired magazine had many of his accounts linked through his Apple account. A hacker was able to get just the last four digits of the credit card on record with Amazon, which he then used to access Honan's Apple account. From there he he was able to access Honan's Gmail, Twitter and several other accounts. The hacker then wiped all of Honan's emails and his Twitter account. The hacker then wiped Honan's iPhone and formatted the hard drive of his Macbook Pro.

http://www.wired.com/gadgetlab/2012/08/ ... cking/all/

This is what I have been saying about Apple's scheme of making the iOS a "walled garden" giving nothing more than a fig leaf for security. It limits functionality for no real tangible benefits and only encourages people to "jailbreak" their iPhones/iPads to expand functionality.

[Tawmis]

Pfft. I still say if a hacker wants to do it - he or she will do it. Doesn't matter if it's Apple, Android, etc. For example, just today also released Blizzard Entertainment Gets Hacked. Determination of the hacker will be what decides if something can and will be hacked. But reading more about Honan's hack, it looks like it has a LOT less to do with the iPhone's security and more like some dumb ass customer service rep at Apple who gave out part of the guy's password despite the hacker's inability to provide proper information.

[MusicallyInspired]

Solution: don't buy Apple products.

[Tawmis]

Solution: don't buy Apple products.

Or use any form of online buying like Amazon... or eBay...

Oh, and don't forget to NEVER use credit cards at gas stations. Those have been hacked too. Only pay with cash.

Oh! But be careful if you get cash at an ATM!

People get robbed there.

So maybe only go INSIDE the bank to get money!

Oh! But be careful.

People rob banks too.

Oh. And don't go to movie theaters.

People get shot there.

Oh. And don't go to school. Home school your kids. People shoot up colleges and schools.

[BBP]

Oh! But be careful if you get cash at an ATM!
People get robbed there.

Don't mock that please, it happened to my father. He had to buy a train ticket in The Hague (he was taking care of Gran's since she was in hospital with a heart attack) at one of those ticket machines that they have out here, and happened to do that at the only one that didn't have a security camera. This Yugoslav gang operated there by looking at their PIN code and stealing their pass by distracting them with a wad of paper saying "You dropped some money". My father doesn't keep his money with his bank cards, so he knew he was lying and held his hand on the card slot, after which the robber started jerking his arm. In the struggle, he got hold of my father's bank card and ran off.
In the next five minutes, my father had gone to the police and blocked his bank card. By then it was too late: the robbers had stolen 1500 euros off his account.
He didn't tell Gran about that, ever. He did get his money back, from the bank, which was a struggle of its own.
After this, he didn't use any outside ATM for months unless somebody else was with him, he got a second account to use for these small payments so the damage will be limited, he keeps an eye out for security cams, and he never used those train ticket vendor machines again. Psychological damage is enormous.

[Collector]

Pfft. I still say if a hacker wants to do it - he or she will do it. Doesn't matter if it's Apple, Android, etc.

But that is my point. The "walled garden" approach gains nothing. It does, however, limit functionality. This story does illustrate the stupidity of linking accounts in general.

[DeadPoolX]

Pfft. I still say if a hacker wants to do it - he or she will do it. Doesn't matter if it's Apple, Android, etc.

But that is my point. The "walled garden" approach gains nothing. It does, however, limit functionality. This story does illustrate the stupidity of linking accounts in general.

That's real danger, Apple's "walled garden" or not. If you link all of your accounts, it only takes a breach in one of them to compromise all of them. That's part of the reason why I don't link accounts, especially on those sites that want me to log in using my Facebook account.

CSRs should also be better trained. In this particular case, the CSR did a real half-assed job and allowed someone else to gain access to another person's account. Unfortunately, no matter how good the security measures are at a company or in a piece of software, the weakest link is always people.

[Collector]

CSRs should also be better trained. In this particular case, the CSR did a real half-assed job and allowed someone else to gain access to another person's account. Unfortunately, no matter how good the security measures are at a company or in a piece of software, the weakest link is always people.

This is why they tend to pay CSRs more for critical accounts. An agent for credit cards, for example, is generally better paid than those of more generic customer service or lower level tech support. It makes them more conscientious about their jobs. I don't if Amazon outsources their call centers, but I do know that Apple does. This means that the CSRs are probably not as well trained nor paid as well and with fewer (if any) benefits as an Apple employee. If a call center is based in some place other than the first world these differences will be even more extreme.

[DeadPoolX]

If a call center is based in some place other than the first world these differences will be even more extreme.

It can go further than that, too. For instance, Canada has far stricter privacy laws than the US does, which includes the kind of information that companies are allowed to share or give out.

[Maxor127]

That can and will happen with any company. It's naive to just blame Apple. That problem was because of a crappy customer service rep. I know from experience that crappy customer service reps exist in all businesses. Not to mention the fact that if a hacker can gain control of one account, then he's going to gain access to all of your accounts. It doesn't matter if it's Apple or not.

One of my email accounts was hacked last year because someone guessed my security answers and was able to get into my Facebook through there and also my gmail. I try not to link accounts, but sometimes you have to. The lesson I learned is that security questions are no different than passwords and you pretty much have to use codes instead of actual answers for them. This is the world we live in now, get used to it.