Amazon and Apple users told to wipe credit card data in wake of iCloud hack

Credit card security
9 Aug, 2012

Varonis warns end users to step up their credit card security following Mat Honan's password hack.

Amazon and Apple users are being advised to take extra precautions with their credit card details, in the wake of last week’s iCloud hack on US tech journalist Mat Honan.

Hackers managed to successfully negotiate Amazon’s security controls to lock Honan out of his Apple iCloud account and, in turn, remotely wipe his iPhone, iPad and MacBook Air.

The hackers are said to have obtained the last four digits of Honan’s credit card number from Amazon’s tech support team, which was then used by Apple to falsely verify Honan’s identity.

Since news of the hack emerged last week, both firms have vowed to tighten up their security controls, and have stopped offering to reset customer passwords over the phone.

However, Rob Sobers, technical manager at security vendor Varonis, said there are other steps end users can take to safeguard their data.

In particular, Amazon customers should consider removing their credit card details from the site to prevent them falling foul of hackers in a similar way to Honan.

If the card stored with Amazon didn’t match the card stored with Apple, the attack would have stopped.

“Until Amazon rethinks their identity verification process, the only way to protect against this [type of] hack is to delete any credit card data you have on file with Amazon,” he advised.

“Yes, it’s painful to have to enter your credit card information every time you place an order, but is it as painful as having your digital identity stolen?”

He also urged Apple users to set up and use a separate, single use credit card for their iTunes and App Store accounts.

“Apple requires you to have a credit card on file if you want to use iTunes and the App Store, so deleting your credit card data might not be viable,” he explained.

“[But], if the card [Honan] stored with Amazon didn’t match the card stored with Apple, the attack would have stopped here.”

Sobers said end users should also seize on Honan’s case to sort out their backup and recovery strategies, just in case something similar were to happen to them.

“So many systems are interconnected in the cloud making things more convenient than ever before, but we have to realise that this same interconnectedness makes security exponentially harder,” Sobers added.

“Passwords are no longer good enough—not for the important stuff. If Apple, Amazon, and Google can’t get security right, what are the lesser known providers doing?"