News of Gizmodo’s Twitter account getting hacked last Friday, as reported by Forbes, was met with concern as to how exactly the attacker did it. With the discovery that former Gizmodo employee Mat Honan’s e-mail and Twitter accounts had been illicitly accessed, came a possible answer. It was initially suspected his passwords were not strong enough.
After strenuous digging, Honan retraced the hacker’s steps and managed to piece this complicated story together. He gives a full account on his blog Emptyage:
“At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. […]
The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.
At 5:00 PM, they remote wiped my iPhone
At 5:01 PM, they remote wiped my iPad
At 5:05, they remote wiped my MacBook Air.
A few minutes after that, they took over my Twitter. Because, a long time ago, I had linked my Twitter to Gizmodo’s they were then able to gain entry to that as well.”
The research showed that the fault lay not with Honan but with Apple’s support. “I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions,” reads the third update to his blog post on the incident.
Honan has submitted an inquiry to Apple and is waiting for a response, though he has already been assured that the matter “had been escalated and there is now only one person at Apple who can make changes to [his] account.”