Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.



Pick an apple! 


Related Articles



Gizmodo Writer’s iCloud Account Hacked

Mat Honan of Gizmodo admits he had an seven-character password he had used for years, but that weakness isn't what led to a villain gaining access to his iCloud account, remote wiping his iOS devices and MacBook, and hijacking his Twitter account. Rather, Honan says the hacker used social engineering to talk Apple customer service into giving up information. That's a disturbing report, and we will update as more information becomes available.favicon follow link


Comments about Gizmodo Writer’s iCloud Account Hacked
(Comments are closed.)

These are Mac users. A 7-digit, numbers-only password is relatively one of the stronger passwords used.
Glenn Fleishman  An apple icon for a TidBITS Staffer 2012-08-05 13:23
That's a remarkable set of assumptions. Also, I corrected this post: Mat described it as "7 digits" but then says it was "alphanumeric" so he meant seven characters long.
Bruce Borquist  2012-08-05 13:25
Hassan  2012-08-05 13:41
Here is how to protect yourself online
Use 15+ characters password, with upper & lower case characters, numbers and special characters. 15 characters password has 41 septillion possible combinations, it will take 325 million years for a computer to crack it
Do not use the same password for all your accounts, I know its hard to remember passwords, but use password app like "1Password, Password Safe...etc"
For security questions; do not use any real dates or names, city...etc
Secure emails: Setup your main email to send or forward a copy of your emails to your phone, to send a email to AT&T phone as text message, the address would be "", with that you will get a text message when you get an email, and you can watch for emails when your password or security setting get changed
Bank account & credit cards: most banks today offer text messages notification for "address changes, charges, balance...etc", with that setup you do not have to log on or call the bank to see the activities,  thieves knows that most people log on to the account or check once a month to make a payment or look at statement.
Finally: when using the web, regardless what web browser you are using, make sure you log out other sites like "Facebook, gmail, hotmail…etc", doing so will not only prevent sites from tracking you online, also if your computer get hacked while online, your account won't be compromised

Glenn Fleishman  An apple icon for a TidBITS Staffer 2012-08-05 13:45
Note that Mat discovered he was hacked through social engineering (another party being fooled into giving up a way to access the account). The password wasn't at issue.
artMonster  2012-08-05 15:06
It has been fascinating (in a grim sort of way), to see this unfold across various social media sites. This is terrible for Mat, but maybe this is a wakeup call for Apple, if it turns out that they were duped via social engineering. In some way, I think it is best that I was not able to link my 3 Apple ID's. Inconvenient, but may limit the damage when something like this occurs.