Amazon and Apple users told to wipe credit card data in wake of iCloud hack

Varonis warns end users to step up their credit card security following Mat Honan's password hack.

Credit card security

Amazon and Apple users are being advised to take extra precautions with their credit card details, in the wake of last week's iCloud hack on US tech journalist Mat Honan.

Hackers managed to successfully negotiate Amazon's security controls to lock Honan out of his Apple iCloud account and, in turn, remotely wipe his iPhone, iPad and MacBook Air.

The hackers are said to have obtained the last four digits of Honan's credit card number from Amazon's tech support team, which was then used by Apple to falsely verify Honan's identity.

Since news of the hack emerged last week, both firms have vowed to tighten up their security controls, and have stopped offering to reset customer passwords over the phone.

However, Rob Sobers, technical manager at security vendor Varonis, said there are other steps end users can take to safeguard their data.

In particular, Amazon customers should consider removing their credit card details from the site to prevent them falling foul of hackers in a similar way to Honan.

If the card stored with Amazon didn't match the card stored with Apple, the attack would have stopped.

"Until Amazon rethinks their identity verification process, the only way to protect against this [type of] hack is to delete any credit card data you have on file with Amazon," he advised.

"Yes, it's painful to have to enter your credit card information every time you place an order, but is it as painful as having your digital identity stolen?"

He also urged Apple users to set up and use a separate, single use credit card for their iTunes and App Store accounts.

"Apple requires you to have a credit card on file if you want to use iTunes and the App Store, so deleting your credit card data might not be viable," he explained.

"[But], if the card [Honan] stored with Amazon didn't match the card stored with Apple, the attack would have stopped here."

Sobers said end users should also seize on Honan's case to sort out their backup and recovery strategies, just in case something similar were to happen to them.

"So many systems are interconnected in the cloud making things more convenient than ever before, but we have to realise that this same interconnectedness makes security exponentially harder," Sobers added.

"Passwords are no longer good enoughnot for the important stuff. If Apple, Amazon, and Google can't get security right, what are the lesser known providers doing?"

Featured Resources

Seven steps to connect and empower your frontline workers

How business leaders can improve communication with a secure platform

Free download

Create what’s next

The future of collaboration and productivity

Free Download

Leveraging the cloud without relinquishing control

Your data. Their cloud.

Free download

Re-architecting for nonstop innovation

Unlocking productivity, scalability, and lower costs for cloud natives

Free Download

Recommended

Apple sues NSO Group over Pegasus attacks on its customers
spyware

Apple sues NSO Group over Pegasus attacks on its customers

24 Nov 2021
Apple launches self-repair scheme for iPhones and Macs
Business strategy

Apple launches self-repair scheme for iPhones and Macs

18 Nov 2021
AWS and IBM join forces to reduce data barriers in the energy industry
Software

AWS and IBM join forces to reduce data barriers in the energy industry

15 Nov 2021
Apple unveils Business Essentials suite for small businesses
business management

Apple unveils Business Essentials suite for small businesses

11 Nov 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
How to speed up Microsoft's Windows 11
Microsoft Windows

How to speed up Microsoft's Windows 11

9 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021