Here's How Easy Hacking an Apple ID Used to Be

We may earn a commission from links on this page.

As we learned when our friend Mat Honan got hacked earlier this year, Apple's customer support line was dangerously susceptible to hackers. With a little coaxing, Apple representatives would hand over a customer account after a hacker offered very little information. Luckily, Apple has closed up this hole, but here's a terrifying play-by-play of how easy it used to be to steal your life.

In the sidebar of Honan's latest, awesome piece for Wired about how passwords are useless, he has published a transcript of a hacker tricking an Apple employee:

Apple: How about this. Give me the name of one of your custom mail folders.
Hacker: "Google" "Gmail" "Apple" I think. I'm a programmer at Google.
Apple: OK, "Apple" is correct. Can I have an alternate email address for you?
Hacker: The alternate email I used when I made the account?
Apple: I will need an email address to send you the password reset.
Hacker: Can you send it to ""?
Apple: The email has been sent.
Hacker: Thanks!


Before the fix, as long as the hacker was mildly charming and didn't give up, sooner or later they could gain access to an account—maybe yours—with just the information on a public Facebook profile and some cleverly generic guesses. Be sure to head over to Wired for the rest of this transcript and for Mat Honan's excellent feature. [Wired]