AAPL Stock: 107.72 ( -5.04 )

Printed from

Apple works to investigate MobileMe hackers

updated 10:50 pm EDT, Tue August 25, 2009

User's MobileMe hacked

Philp Hayes, a self-declared IT expert, claims his MobileMe account was hacked. The user asserts that hackers accessed his account, changed the password and made a 55 PayPal purchase from RapidShare. The blog entry lends insight to the way Apple reps communicate with each other, suggesting those that assisted Hayes used iChat and prompted him to also chat online via an Apple Support page.

Hayes was alerted to the presence of hackers when he noticed various PayPal e-mails were being deleted without his involvement. E-mails were being sent to the account whenever the hackers were accessing it by changing his passwords. The hackers were deleting the messages with the hopes of preventing Hayes from discovering the security breach. The user also received a GROWL alert saying his password had been successfully changed. Hayes believes the hackers were able to change the password by deciphering his admittedly-weak security question.

While the hacker's attack continued, the Apple representative discouraged Hayes from changing his MobileMe account password, suggesting it would prevent support from viewing what was happening and who was doing it. The hackers then changed the password themselves, locking out both Apple Support and Hayes.

The support representative was able to change the password again, blocking the hackers from further access, although the supervisor was unable to access information pertaining to where the hackers were located or what they did while searching through Hayes' information -- something that Hayes says can commonly be accessed by server administrators.

Given that Hayes admitted to choosing a weak security question, his criticisms of the MobileMe service would apply to most other password-protected online accounts. Individual experiences with Apple's support staff, however, have varied greatly. Despite the frustrations, several surveys suggest Apple has maintained a lead in consumer satisfaction when comparing a larger number of user impressions following support calls.

by MacNN Staff





  1. Camelot

    Joined: Dec 1969



    I wouldn't expect front-line support to be able to track hacker activity like this. They did what they needed to (locked the account and stopped further abuse). They wouldn't, and shouldn't, have access to server logs, and forensic analysis of malicious activity takes time and skill.
    Even if they could determine the hackers' identity, they would absolutely not reveal this to the user without some kind of legal requirement such as a subpoena.

    So it sounds to me that Apple did exactly what they should - dealt with a stupid user appropriately and stopped the actions. What's the problem (or the news!) here?

  1. herojig

    Joined: Dec 1969


    Don't get this, how could

    Don't get this, how could do this, unless his paypal account name and password were the same as the mobile me one? Or it was stored in his mobile me files?

    Btw, there is no tie to paypal in mobileme, and only the last 4 of the credit card are used, with the security code unstored. I don't get this story at all!

  1. ocabj

    Joined: Dec 1969



    I'd like to have the use of an OTP / token generator for mobileme. I'd pay a one time fee for a token generator.

  1. hayesk

    Joined: Dec 1969



    IT expert? Yeah, right. He used an easy to guess security question and blames Apple for not requiring a second email address? Oh please?

    Sure, Apple could require a second email - if you have one. But what if you don't? Bottom line is this was his fault. A poster on that page offers good advice - answer security questions with nonsensical answers. Just make sure you can remember them or keep the answers securely locked away.

  1. LouZer

    Joined: Dec 1969


    Re: OTP

    Isn't that going a bit overboard to protect your email. I'm sure you'd love to type in a new password everytime you retrieved your email.

    As for PayPal, perhaps they used the address to find an account, then did one of those "I forgot my password" things.

  1. nat

    Joined: Dec 1969



    As a long time Paypal user I purchased a one time fee $5 security key and need it to login to my account. I wouldn't think of running my business without it.
    This doesn't address the MobileMe issue but with all the Paypal phishing attempts and just plain good security practice I can only wonder why anyone wouldn't spend that 5 bucks.

  1. testudo

    Joined: Dec 1969


    Re: paypal

    Easy. Cheap-cheap-cheap.

    Not to mention the "Oh, I'd never get fooled by some phishing attack!" excuse.

  1. MyRightEye

    Joined: Dec 1969



    This just happened to me too. I am not kidding.

  1. TheSnarkmeister

    Joined: Dec 1969


    Ongoing problem

    This is not a new problem and has been an ongoing issue for several years now. Apple, as typical, has refused to recognize it, or to assist by providing basic log file access that would allow for the problem to be investigated by users or law enforcement. My brother-in-law has a long dialog of e-mails with Apple about his account being hacked several years ago, which would help to prove a pattern of neglectful security behavior should anyone be able to round up a large enough group of Apple hacked victims to launch a class action suit. It seems that these days, the only way to get Apple to do the right thing by its customers is to sue them.

  1. herojig

    Joined: Dec 1969


    Sure wish they would fix the service while they we

    iDisk, syncing, iWeb update stability via, and other problems plaque this service. Chatting with apple does no good. Snow Leopard made things worse. For 99$, it should be a lot better.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Blue Yeti Studio

Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...

MSI Geforce GTX 970 100ME

When Nvidia announced a new line of video cards in September 2014, many people thought things would continue to be business as usual i ...


Most Commented