Here's How Easy Hacking an Apple ID Used to Be

As we learned when our friend Mat Honan got hacked earlier this year, Apple's customer support line was dangerously susceptible to hackers. With a little coaxing, Apple representatives would hand over a customer account after a hacker offered very little information. Luckily, Apple has closed up this hole, but here's a terrifying play-by-play of how easy it used to be to steal your life.

In the sidebar of Honan's latest, awesome piece for Wired about how passwords are useless, he has published a transcript of a hacker tricking an Apple employee:

Apple: How about this. Give me the name of one of your custom mail folders.
Hacker: "Google" "Gmail" "Apple" I think. I'm a programmer at Google.
Apple: OK, "Apple" is correct. Can I have an alternate email address for you?
Hacker: The alternate email I used when I made the account?
Apple: I will need an email address to send you the password reset.
Hacker: Can you send it to "toe@aol.com"?
Apple: The email has been sent.
Hacker: Thanks!

Before the fix, as long as the hacker was mildly charming and didn't give up, sooner or later they could gain access to an account—maybe yours—with just the information on a public Facebook profile and some cleverly generic guesses. Be sure to head over to Wired for the rest of this transcript and for Mat Honan's excellent feature. [Wired]