How do hackers get information about a person's online user name and password, even if both are well protected by the account owner? In the past, we have seen reports that hackers make use of phishing scams to retrieve information about Xbox Live accounts.
This weekend, it appears that a clever hacker managed to gain access to the Twitter account of the tech website Gizmodo through, of all places, an Apple tech support member. AllThingsD.com reports that the hacker or group took control of the Twitter account, which has almost 500,000 followers, for 15 minutes on Friday and used it to post a variety of offensive and racist messages.
So what happened? The hackers got control via the Twitter account of a former Gizmodo staff member, Mat Honan. Venture Beat reports that Honan first thought the hackers got hold of his information via a brute-force method. However, he later got in contact with the unnamed hacker, along with someone at Apple. He states, "They got in via Apple tech support and some clever social engineering that let them bypass security questions." Honan originally made these statements on his Tumblr page.
The hacker used the information given by the AppleCare support team member for more than just breaking into Honan's Twitter account. The unknown culprit also remotely deleted all of Honan's data from his various Apple products, including his iPhone, iPad and Mac. Honan's Gmail account was also accessed and deleted.
The story points out that his account might not have been hacked if he had turned on two-factor authentication instead of relying on just one factor. However, we imagine that the AppleCare team member doesn't feel too good about being fooled into revealing private account information.
Source: Venture Beat