Apple faulty on .Mac social engineering attack

Marko Karppinen: Apple just gave out my Apple ID password because someone asked.

I tried to log in to Apple Developer Connection this morning to find out that my password had been changed and the email associated with my account was now a yahoo.com address that wasn't mine. Luckily, my "security question" was still the same, so I was able to reset the password and email address back.

Based on the emails that have appeared in my .Mac mailbox, this was accomplished by sending this classy one-liner to Apple:

am forget my password of mac,did you give me password on new email marko.[redacted]@yahoo.com

To which Apple reacted by doing the only reasonable thing - saying Sir, Yes Sir! and handing my account over.

Crazy and outrageous story.

mensuelles Archives

Recent Entries

  • Steve Jobs

    "Remembering that I’ll be dead soon is the most important tool I’ve ever encountered to help me make the big choices in life. Because...

  • Your privacy on MOTOBLUR by Motorola

    After the Nokia Ovi Store carelessness, it's now Motorola who's allowing strangers to get access to your private information on their MOTOBLUR portal. Exactly like...

  • How to resume a broken ADC download

    (I'm documenting this trick for myself to remember, but it can be useful for others…) Apple, on its Apple Developer Connection site, has a bad...

  • WTF is this ‘myEventWatcherDiv’ doing in my web?

    All of a sudden I started to find the following line in most of the web pages I was browsing, including ones I made where...

  • Your privacy on Nokia Ovi Store

    My friend Adam Greenfield recently complained about the over-engineering culture at Nokia: I was given an NFC phone, and told to tap it against the...