Apple faulty on .Mac social engineering attack

8 Jul 2008

Marko Karppinen: Apple just gave out my Apple ID password because someone asked.

I tried to log in to Apple Developer Connection this morning to find out that my password had been changed and the email associated with my account was now a yahoo.com address that wasn't mine. Luckily, my "security question" was still the same, so I was able to reset the password and email address back.

Based on the emails that have appeared in my .Mac mailbox, this was accomplished by sending this classy one-liner to Apple:

am forget my password of mac,did you give me password on new email marko.[redacted]@yahoo.com

To which Apple reacted by doing the only reasonable thing - saying Sir, Yes Sir! and handing my account over.

Crazy and outrageous story.

Posted by François Nonnenmacher on Tuesday, July 8, 2008 at 7:29 PM

Filed in and tagged , ,

Leave a comment

Gallery

Prev Next

Recent Entries

  • Moving on

    If everything goes well, next week I shall be the happy founder and owner of a shiny brand new company, under which I'll incorporate my...

  • Movable Type 4.2 is out

    Movable Type 4.2 is here with a lot of good news and new features. The new set of licences, if I get things correctly, is...

  • Using Movable Type as a CMS and NewsML feeds generator

    I'm putting the last touches on a CMS to generate custom NewsML feeds for internet portals. It's based on Movable Type 4.2 and allows for...

  • Google lets GMail certificate expire

    This expired certificate alert just showed up for my GMail account. Apparently Google let the SSL certificate expire for the smtp.gmail.com domain. In the...

  • Bon appétit

    We wanted to strip away all the nonsense. Do we really need a sommelier? Do we really need all the other accoutrements that you see...

Close