Amazon and Apple users told to wipe credit card data in wake of iCloud hack

Varonis warns end users to step up their credit card security following Mat Honan's password hack.

Credit card security

Amazon and Apple users are being advised to take extra precautions with their credit card details, in the wake of last week's iCloud hack on US tech journalist Mat Honan.

Hackers managed to successfully negotiate Amazon's security controls to lock Honan out of his Apple iCloud account and, in turn, remotely wipe his iPhone, iPad and MacBook Air.

Advertisement - Article continues below

The hackers are said to have obtained the last four digits of Honan's credit card number from Amazon's tech support team, which was then used by Apple to falsely verify Honan's identity.

Since news of the hack emerged last week, both firms have vowed to tighten up their security controls, and have stopped offering to reset customer passwords over the phone.

However, Rob Sobers, technical manager at security vendor Varonis, said there are other steps end users can take to safeguard their data.

In particular, Amazon customers should consider removing their credit card details from the site to prevent them falling foul of hackers in a similar way to Honan.

If the card stored with Amazon didn't match the card stored with Apple, the attack would have stopped.

"Until Amazon rethinks their identity verification process, the only way to protect against this [type of] hack is to delete any credit card data you have on file with Amazon," he advised.

Advertisement - Article continues below
Advertisement - Article continues below

"Yes, it's painful to have to enter your credit card information every time you place an order, but is it as painful as having your digital identity stolen?"

He also urged Apple users to set up and use a separate, single use credit card for their iTunes and App Store accounts.

"Apple requires you to have a credit card on file if you want to use iTunes and the App Store, so deleting your credit card data might not be viable," he explained.

"[But], if the card [Honan] stored with Amazon didn't match the card stored with Apple, the attack would have stopped here."

Sobers said end users should also seize on Honan's case to sort out their backup and recovery strategies, just in case something similar were to happen to them.

"So many systems are interconnected in the cloud making things more convenient than ever before, but we have to realise that this same interconnectedness makes security exponentially harder," Sobers added.

"Passwords are no longer good enoughnot for the important stuff. If Apple, Amazon, and Google can't get security right, what are the lesser known providers doing?"

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now



HBO Max enters the streaming wars — does it have what it takes?

29 May 2020

K2View innovates in data management with new encryption patent

28 May 2020

ZLoader malware returns as a coronavirus phishing scam

27 May 2020

Amazon in talks to acquire autonomous-driving startup Zoox

27 May 2020

Most Popular

Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020