toggle

AAPL Stock: 95.04 ( -0.36 )

Printed from http://www.macnn.com

Apple works to investigate MobileMe hackers

updated 10:50 pm EDT, Tue August 25, 2009

User's MobileMe hacked

Philp Hayes, a self-declared IT expert, claims his MobileMe account was hacked. The user asserts that hackers accessed his account, changed the password and made a 55 PayPal purchase from RapidShare. The blog entry lends insight to the way Apple reps communicate with each other, suggesting those that assisted Hayes used iChat and prompted him to also chat online via an Apple Support page.

Hayes was alerted to the presence of hackers when he noticed various PayPal e-mails were being deleted without his involvement. E-mails were being sent to the account whenever the hackers were accessing it by changing his passwords. The hackers were deleting the messages with the hopes of preventing Hayes from discovering the security breach. The user also received a GROWL alert saying his password had been successfully changed. Hayes believes the hackers were able to change the password by deciphering his admittedly-weak security question.

While the hacker's attack continued, the Apple representative discouraged Hayes from changing his MobileMe account password, suggesting it would prevent support from viewing what was happening and who was doing it. The hackers then changed the password themselves, locking out both Apple Support and Hayes.

The support representative was able to change the password again, blocking the hackers from further access, although the supervisor was unable to access information pertaining to where the hackers were located or what they did while searching through Hayes' information -- something that Hayes says can commonly be accessed by server administrators.

Given that Hayes admitted to choosing a weak security question, his criticisms of the MobileMe service would apply to most other password-protected online accounts. Individual experiences with Apple's support staff, however, have varied greatly. Despite the frustrations, several surveys suggest Apple has maintained a lead in consumer satisfaction when comparing a larger number of user impressions following support calls.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. Camelot

    Joined: Dec 1969

    +5

    so...?

    I wouldn't expect front-line support to be able to track hacker activity like this. They did what they needed to (locked the account and stopped further abuse). They wouldn't, and shouldn't, have access to server logs, and forensic analysis of malicious activity takes time and skill.
    Even if they could determine the hackers' identity, they would absolutely not reveal this to the user without some kind of legal requirement such as a subpoena.

    So it sounds to me that Apple did exactly what they should - dealt with a stupid user appropriately and stopped the actions. What's the problem (or the news!) here?

  1. herojig

    Joined: Dec 1969

    +5

    Don't get this, how could

    Don't get this, how could do this, unless his paypal account name and password were the same as the mobile me one? Or it was stored in his mobile me files?

    Btw, there is no tie to paypal in mobileme, and only the last 4 of the credit card are used, with the security code unstored. I don't get this story at all!

  1. ocabj

    Joined: Dec 1969

    0

    OTP

    I'd like to have the use of an OTP / token generator for mobileme. I'd pay a one time fee for a token generator.

  1. hayesk

    Joined: Dec 1969

    +1

    Self-proclaimed

    IT expert? Yeah, right. He used an easy to guess security question and blames Apple for not requiring a second email address? Oh please?

    Sure, Apple could require a second email - if you have one. But what if you don't? Bottom line is this was his fault. A poster on that page offers good advice - answer security questions with nonsensical answers. Just make sure you can remember them or keep the answers securely locked away.

  1. LouZer

    Joined: Dec 1969

    +2

    Re: OTP

    Isn't that going a bit overboard to protect your email. I'm sure you'd love to type in a new password everytime you retrieved your email.

    As for PayPal, perhaps they used the address to find an account, then did one of those "I forgot my password" things.

  1. nat

    Joined: Dec 1969

    +3

    paypal

    As a long time Paypal user I purchased a one time fee $5 security key and need it to login to my account. I wouldn't think of running my business without it.
    This doesn't address the MobileMe issue but with all the Paypal phishing attempts and just plain good security practice I can only wonder why anyone wouldn't spend that 5 bucks.

  1. testudo

    Joined: Dec 1969

    0

    Re: paypal

    Easy. Cheap-cheap-cheap.

    Not to mention the "Oh, I'd never get fooled by some phishing attack!" excuse.

  1. MyRightEye

    Joined: Dec 1969

    0

    Wow...

    This just happened to me too. I am not kidding.

  1. TheSnarkmeister

    Joined: Dec 1969

    +1

    Ongoing problem

    This is not a new problem and has been an ongoing issue for several years now. Apple, as typical, has refused to recognize it, or to assist by providing basic log file access that would allow for the problem to be investigated by users or law enforcement. My brother-in-law has a long dialog of e-mails with Apple about his account being hacked several years ago, which would help to prove a pattern of neglectful security behavior should anyone be able to round up a large enough group of Apple hacked victims to launch a class action suit. It seems that these days, the only way to get Apple to do the right thing by its customers is to sue them.

  1. herojig

    Joined: Dec 1969

    0

    Sure wish they would fix the service while they we

    iDisk, syncing, iWeb update stability via me.com, and other problems plaque this service. Chatting with apple does no good. Snow Leopard made things worse. For 99$, it should be a lot better.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Fugoo Bluetooth speaker

It's rare to find a Bluetooth speaker that can cover a large array of needs. Generally, speakers are wrapped in a desktop-convenient ...

Epson LW-600P

Label makers are traditionally simple machines that perform a single task which people feel they can either live with or without. In m ...

Tylt Energi 2K battery pack

Backup batteries are gaining ground as one of the devices that, for many users, must be carried around every day. With lives connected ...

toggle

Most Commented