About Me

My photo
I Am Hamza Subedar in 14th And Doing Software Engineer And Like To Solve Computer and Of Any Gadgets Problem I Like To Tell People That I Can Help To Solve Your Problem Anyways Bolg Me And Get your Problem Solve

Followers

Wednesday, August 15, 2012

Hacker Forced Online Giants to Change Security Policy

Apple and Amazon will no longer tell anyone the customers’ credit card details over the phone. The matter is that a hacker nicknamed Phobia has forced both Apple and Amazon to change their security policies by breaking into to a tech journalist’s account.

The hack in question involved looking up Matt Honan’s Twitter and guessing his Gmail account. That’s how the hacker was able to view his backup email address, which also served as his AppleID.

However, the hacker also needed the last 4 digits of the victim’s credit card. This one was got through Amazon by calling the company’s support line and adding a fake credit card account. After this Phobia called Amazon again and claimed to have lost the account password. The hacker used the fake credit card number and added a new email account which allowed him to see the last 4 digits of the victim’s credit card number.

Finally, the hacker called AppleID and used the credit card details alongside with Honan’s birth date in a bid to get a temporary password.

As you can see, it turned out to be very easy, but has caused many problems for both Amazon and Apple, which have been advertising their cloud systems as secure. The online retailer has come up with the best policy, which has stopped allowing people to change their account settings over the phone.

As for Apple, the company is currently freezing all AppleID password requests placed over the phone and is considering a new security policy. However, the question remains what makes anyone to believe that using the last 4 digits of a credit card to verify the user’s identity for such powerful services on linked devices passes for security.

The hacker made a statement, saying that he wanted “to publicize security exploits and allow the companies to fix them”. 

No comments:

Post a Comment