Apple works to investigate MobileMe hackers
updated 10:50 pm EDT, Tue August 25, 2009
User's MobileMe hacked
Philp Hayes, a self-declared IT expert, claims his MobileMe account was hacked. The user asserts that hackers accessed his account, changed the password and made a €55 PayPal purchase from RapidShare. The blog entry lends insight to the way Apple reps communicate with each other, suggesting those that assisted Hayes used iChat and prompted him to also chat online via an Apple Support page.
Hayes was alerted to the presence of hackers when he noticed various PayPal e-mails were being deleted without his involvement. E-mails were being sent to the account whenever the hackers were accessing it by changing his passwords. The hackers were deleting the messages with the hopes of preventing Hayes from discovering the security breach. The user also received a GROWL alert saying his password had been successfully changed. Hayes believes the hackers were able to change the password by deciphering his admittedly-weak security question.
While the hacker's attack continued, the Apple representative discouraged Hayes from changing his MobileMe account password, suggesting it would prevent support from viewing what was happening and who was doing it. The hackers then changed the password themselves, locking out both Apple Support and Hayes.
The support representative was able to change the password again, blocking the hackers from further access, although the supervisor was unable to access information pertaining to where the hackers were located or what they did while searching through Hayes' information -- something that Hayes says can commonly be accessed by server administrators.
Given that Hayes admitted to choosing a weak security question, his criticisms of the MobileMe service would apply to most other password-protected online accounts. Individual experiences with Apple's support staff, however, have varied greatly. Despite the frustrations, several surveys suggest Apple has maintained a lead in consumer satisfaction when comparing a larger number of user impressions following support calls.
Mac Elite
Joined: May 1999
so...?
I wouldn't expect front-line support to be able to track hacker activity like this. They did what they needed to (locked the account and stopped further abuse). They wouldn't, and shouldn't, have access to server logs, and forensic analysis of malicious activity takes time and skill.
Even if they could determine the hackers' identity, they would absolutely not reveal this to the user without some kind of legal requirement such as a subpoena.
So it sounds to me that Apple did exactly what they should - dealt with a stupid user appropriately and stopped the actions. What's the problem (or the news!) here?