The hackers were able to gain control of Honan’s iCloud account, providing access to Find My Phone and his Twitter accounts. Honan’s Mac, iPhone and iPad were wiped while his personal and Gizmodo’s Twitter accounts were then used to spew hateful comments.
Originally believing the hackers accessed his account using his password, Honan has confirmed the attack was faciliated through AppleCare support.
“I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions,” Honan said in a blog post.
“Apple has my MacBook and is trying to recover the data. I’m back in all my accounts that I know I was locked out of. Still trying to figure out where else they were.”
The hacker convinced AppleCare support that they were Honan, changing Honan’s iCloud password and giving them access to all iCloud connected accounts and devices.
Honan is working with Apple to regain his data, but the attack is a scary proposition for all Mac and iOS users utilising iCloud, especially if it is AppleCare providing the information.