Originally shared by Stephen NgThis is a must read.
It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud....
First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card.... Then you hang up.
Next you call back, and tell Amazon that you’ve lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account — not the complete numbers, just the last four digits. But, as we know, Apple only needs those last four digits.
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud....
First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card.... Then you hang up.
Next you call back, and tell Amazon that you’ve lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account — not the complete numbers, just the last four digits. But, as we know, Apple only needs those last four digits.
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab | Wired.com
I would encourage people to read "Takedown" prior to reading "The Art of Deception"... gives you a frame of reference for who this Mitnick guy is.
http://www.amazon.ca/mn/search/?_encoding=UTF8&camp=15121&creative=390961&field-keywords=mitnick&linkCode=ur2&tag=vius-20&url=search-alias%3Daps&x=0&y=0