Mat Honan, a tech reporter at Wired, documented in a blog post how his online accounts, including Twitter and Gmail, were hacked by Phobia four days ago. The hacker reportedly used Honan’s Amazon and AppleCare IDs, together with bits and pieces of his billing address and the last four digits of his credit card, to take control of his online accounts. Apple responded by reviewing its systems, particularly phone requests to reset Apple ID passwords, and has shut down password resets in the meantime. Amazon is following suit by eliminating entirely the option to make account changes over the phone.
Amazon customers will no longer be able to make changes to their accounts by calling in. While certainly a small step, it will significantly curb social engineering attempts like Phobia's, for now. Phobia called Amazon asking for some specific information about Honan, which eventually led to the deletion of Honan’s Twitter and Google accounts and the obliteration of the data on his iPhone, iPad, and MacBook.
Phobia got access to Honan’s Amazon account by claiming to be him and adding a credit card to his account. The hacker provided Honan’s billing address, email address, and name. Afterwards, Phobia called Amazon’s hotline again, this time claiming that he was unable to access his account. This is how he gained entry into Honan’s account, which allowed him to use the credit card information to add another email address and reset the journalist’s password.
Phobia's next target was Honan’s Apple account. He called AppleCare and pretended to be Honan again, which gave him access to Honan’s iCloud account, which was promptly wiped clean.