Hacked. Hard

Mat Honan:

At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years. My guess is they used brute force to get the password (see update) and then reset it to do the damage to my devices.

I’ve known Mat for a lot of years and he’s a really smart guy. This should be a lesson to all of us.



  • Harry Wang

    Ouch. Carnage. :( Brute force attack shouldn’t be possible against user accounts. If it is, Apple needs to seriously rethink their security practices given how much damage can be done with an iCloud password now.

  • Guest

    From the first update in an exchange from him and the hacker: “didnt guess ur password or use bruteforce. i have my own guide on how to secure emails.”

  • Jim (http://rushtips.com)

    I’m not an expert, but a 7 digit alphanumeric password would take more than 5 million years to brute force. It would seem like a key logger.

  • Shawn King

    “Because I’m a jerk who doesn’t back up data, I’ve lost more than a year’s worth of photos, emails, documents, and more. And, really, who knows what else.”

    He ain’t all that smart….

    And he’s lucky he’s got connections at the various social networks. Most of us would be completely screwed if this happened to us.

    • Steve Hyde

      Seconded!

  • Tom

    Smart? He doesn’t even take backups.

  • Jasper Janssen

    The latest update says that the hacker got in by social engineering Apple tech support. That’s a major black eye for Apple.

    And if this happened to someone who wasn’t a journalist, they could forget about getting their Google accounts back, let alone the Apple data.

    • Paul

      That assumes the hacker is being honest – given that he has already committed one crime, the possibility that he is not being 100% honest is very possible.

  • lucascott

    Interlinking accounts the way he did isn’t all that smart.

    Not backing up your stuff isn’t all that smart.

    I’m sure he’s a really nice guy, but without more details about exactly what went down I’m not going with Apple being the only ones to blame, if any.