Why did he only need the last four digits of his credit card, literally every single website you've entered your card into shows those numbers
Most of the numbers on your card are country code and other info.
@@Cheepchipsable I presume they mean why use the credit card at all. (since even if it was the whole credit card or something, there's still privacy issues with friends/family seeing the card)
I think the answer is that it's an easy way for customers to get sorted out because most other ways are going to be too problematic for many customers.
Obviously still not a good idea though, and Apple may not use that anymore.
Because Apple had very poor ways of verification for an Apple ID back then. It's much better now (and by better, I mean more annoying, but reasonably harder to gain unauthorized access.)
@@Cheepchipsable all of them are a big code
That's what's always baffled me about credit cards.
It shouldn't be handing over the "keys" to your account, then them letting themselves in and making a charge, but you using the "key" to *send* a transaction yourself, so they don't get any information that can be reused to illegally charge you again, or leak that information to someone else.
Unironically done better by cryptocurrency wallets than by the card networks that have been around for decades.
The real failure was Amazon.
NO. he just relied on the cloud... for backups.😭😭
And apple
Wrong, CrApple was the main issue, instead of a security question, the credit card number was used to reset passwords
Apple really. There is nothing you can hack to wipe my linux boxes, heck even my hardened windows box isn't at risk like that.
Apple 100%
After that he stopped using apple's shit service
Yeah, Apple made him disclose his email and physical address on a fucking blog site.
Once you throw money apples way you kinda deserve it. Don't feed the greed. Greed is bad.
@@marvinracer88 No. Apple really are that dumb. Once they get a hold of your apple id, there is no way to get it back. Not even with the email you originally signed in with. The actual username
@@Haz-Zzz yea open-source rules!
Let me get this straight. The hacker fooled Amazon and now Apple’s responsible? Interesting point of view I must say
Not literally "in a moment", mind you...
his life ruined ? , if the hacker took anything of real value .......
You are an Indian. 😂
Probably North Indian 😂😂
To reset apple password you need last 4 digits of CC? That seems incredibly stupid.
That’s because it’s not true
@@tdrg_ why do you say that? It happened in 2012. Might not be true now, if that is what you meant.
@@ilv1 looking through archived apple support docs, it looks like not much has changed in this exact format of account recovery.
The process detailed seems to be the last resort: contacting Support and having them reset your account. It requires not just CC number and email address, but also a government ID verification, a payment to said credit card to be verified and go through (temporary payment, verifies that you own the card and approve its use in this support process), and whatever else they ask you to provide based on the circumstance. It’s also not automated, it’s a human being looking through the details and deciding what else is necessary.
Apple only thinks about money. Nothing else matters. Mother's maiden name? So last century. Credit cards are better. (Their thinking)
@@ilv1 maybe they should point out in the video that it happened in 2012, because now it is not possible.
Videos like this just provide misinformation since people think they are current
Why can a password be reset using card numbers??? That's nonsense.
Old Social Engineering in action.
Bro security ques
It's crazy that you commented just to show everyone that you have zero critical thinking skills.
These days, people also use actual different methods as well... So... It isn't as simple as you assume any more. This was how entire banking systems or branches had been stolen away from different countries... i.e. An entire bank was stolen.
Card numbers are dumb in general. Why can you pay by just numbers stamped on a card? One photo of the front and back someone can make charges. And because it's so sensitive they use it as identification? It's like the social security number stuff all over again.
They did all this for fun? I guarantee you that hacker is on 4chan 24/7
4chan is full of hypocrites
But why though? Did Mat steal that hacker's girlfriend?
Right...
😂😂
They’re losers
If a person is really wicked, he will do it just because he can and suffer no consequences.
I doubt both of those geeks ever shook a woman's hand
Not the hacker who ruined the dudes life, it was Amazon.
And Apple
Amazon was being negligent, but the hacker was actively ruining his life. I'm not saying Amazon is not in the wrong but the hacker is definitely to blame.
You cannot stop a sufficiently motivated hacker. These platforms are incredibly secure generally. Strengthening these cases incurs a usability cost that can be even more frustrating to customers vs. having one customer pwned.
@@daysofend exactly, a good hacker wouldn’t care and just find a work around.
I didn't understand the Amazon part, how did he get into his Amazon account?
He made a new one ask to link it prolly was able to see card
What I believe happened based on what I can see is :
1) He Added HIS credit card to Mat's Amazon Account by calling Amazon Customer Support #1. They made the change to Mat's account without confirmation of Identity.
2) Now that his card was on Mat's Account, He was able to call Amazon Support #2 and Request to change the password, Using HIS Credit card on Mat's Amazon Account to confirm to Amazon Support that He "Owned" Mat's Amazon Account. Once they confirmed his Credit Card was on the Account, That completed the "Account Authentication" step of the process and they let him change the password, and he was able to log into the account (and see the list of credit cards).
Terrifyingly Genius if you ask me, and a HUGE flaw on Amazon's part. He should have needed Account Authentication to add the credit card to the account in the first place.
EDIT : It probably wasn't his personal Credit Card, But a Fake Temporary one (Some websites / services allow you to create one-time use credit cards, etc) , Or a Business one -- That way the Name etc. could be Mat's or at least not look like it was from an individual besides Mat.
The hacker hacked it, duhhh
I also didn’t understand the credit card part. So he would have somehow logged into his Amazon account and then called Amazon pretending to be the guy on the account and added some random credit card, but instead of using the last four digits of the credit card he just added, he instead was able to see the last four of the original credit card, so why even bother adding that other card?
So as I understand it, he did 2 calls to Amazon. In the first one, he just told his name and email address (of his victim) and told Amazon to add a new card to that account. The card number was fake. Then after it was registered, he called a second time for a new employee and told them he wanted to reset the password because he forgot it and didn't have access to his email anymore but all he can say to identify his identity were the last 4 digits of a card number linked to that account (which he knew, cause it was his fake card) and it seemed to be enough for the Amazon employee to send a reset link to a new email address belonging to the attacker.
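Added example (not part of any comment in this thread, and not Amazon's or Apple's actual support logic): a toy model of the two-call flow the comments above describe, showing why an identifier that can be added to an account without authentication cannot also serve as proof of ownership. The class names, the `otp_ok` flag and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# All names, addresses and card digits below are constructed sample values.


@dataclass
class Card:
    last4: str
    added_while_authenticated: bool


@dataclass
class Account:
    name: str
    email: str
    cards: list = field(default_factory=list)
    reset_target: str = ""  # address the password-reset link was sent to


class WeakDesk:
    """Phone-support policy as the comments describe it (hypothetical model)."""

    def add_card(self, acct, name, email, last4, authenticated=False):
        # Name + email are public, yet they are all that is checked here.
        if (name, email) != (acct.name, acct.email):
            return False
        acct.cards.append(Card(last4, authenticated))
        return True

    def reset_password(self, acct, last4, send_to, otp_ok=False):
        # Any card on file counts as proof, including one added a minute ago.
        if not any(c.last4 == last4 for c in acct.cards):
            return False
        acct.reset_target = send_to  # caller chooses where the link goes
        return True


class HardenedDesk(WeakDesk):
    """Same desk with three rule changes (assumed mitigations, not a vendor's)."""

    def add_card(self, acct, name, email, last4, authenticated=False):
        # 1. Writing to the account requires an authenticated session.
        if not authenticated:
            return False
        return super().add_card(acct, name, email, last4, authenticated=True)

    def reset_password(self, acct, last4, send_to, otp_ok=False):
        # 2. Only cards added under authentication count, and only together
        #    with a one-time code sent to an already registered device.
        trusted = [c for c in acct.cards if c.added_while_authenticated]
        if not otp_ok or not any(c.last4 == last4 for c in trusted):
            return False
        # 3. The link only ever goes to the address already on file.
        acct.reset_target = acct.email
        return True


def sample_account():
    return Account("Sample User", "user@example.test", [Card("1111", True)])


def two_call_takeover(desk):
    """Replay the two support calls; True if the caller ends up with the link."""
    acct = sample_account()
    desk.add_card(acct, "Sample User", "user@example.test", "9999")  # call 1
    desk.reset_password(acct, "9999", "caller@example.test")         # call 2
    return acct.reset_target == "caller@example.test"


def owner_can_recover(desk):
    """The real owner, holding the registered device, must still get back in."""
    acct = sample_account()
    ok = desk.reset_password(acct, "1111", "other@example.test", otp_ok=True)
    return ok and acct.reset_target == acct.email


if __name__ == "__main__":
    print("weak desk taken over:     ", two_call_takeover(WeakDesk()))
    print("hardened desk taken over: ", two_call_takeover(HardenedDesk()))
    print("owner recovers (hardened):", owner_can_recover(HardenedDesk()))
```
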
"Mac is so safe!"
The hacker used information that the victim provided to the public,
that's why we should never synchronize our main e-mail with work e-mail
Relax its Mac
Nothing is safe if you're providing your own information publicly...
But human is not.
@@Chleosl humans always the weakest link in the chain true
It's been said before - it's stupid that something everyone considers so unimportant that they'll display it freely (the last 4 digits of the credit card) is also so important that they'll let you use it to prove your identity.
I've been hacked 3 times in this last year, had money stolen, my phone factory reset, losing a bunch of vital info, and making me replace every card I had! I filed fraud complaints, but for my few thousand dollars, they don't bother!
Apple using credit cards for identity?
I call BS, too.
well, this was in 2012
@@andrewwang7699 I don’t think they ever did, not even in 2012. It’s such a bad way of verifying user identity
Your credit card is the only thing they are interested in
real hackers could have done that a long time ago, they just never cared... that kid had something against him 😮
Twitter layout from 2012 ! Need to read his own story on the old wired article to get things clear..
Who is this guy and why did they erase his stuff?
Y'all slagging off Apple and Amazon, fair enough, but the hacker is the criminal. They should go to jail.
The real failure was apple.
Did Apple make him disclose his fucking address and email to anyone?
> dude discloses his real location & email to the public
> hacker fools Amazon into giving him everything about this dude
> Apple is responsible
100% logic
Surprised at how much work some would go through to screw over someone else’s life
There is no rest for the wicked.
Yeah unless its personal i dont understand why someone would do that. Maybe attention idk
Cluster B.
Yea tha apocalips digitally .. instah boskito man gen or. ..treated acat gen .. Lak in stock option or critpto or investam schim thy all rug pule or scam hak atha .. weting file and time and hope an drims from 2010 on 🎉
This is why I am not visible on the internet. Regular searches for your name will return a list of names like yours and maybe a couple of social media accounts but that's all.
For resetting password why card details? And how did he login in the Amazon account
That's not hacking. A bit of research, and social engineering, but that's it. That's how simple it really is.
Practically speaking that is hacking to the general population.
Not misused like when media calls modifying a url to hit an unpublished link "hacking", this took some real knowledge and skill.
It was exploiting the security systems of today using weaknesses and loopholes. That's still hacking.
Where tf is actual hacking this is fucking stalking but hard
Average apple user problems
> reveals personal email and home address
> hacker fools Amazon into giving him details about the dude
> hacker breaches into Twitter, Apple and Google accounts with that data
> Apple is to blame
🤦
Yes, who google doesnt have this type of password reset.@tdrg_
Sounds like Bs to me
wtf that was way too easy .. it shouldn't be this way
"shouldn't"
@@tsuruginohikari6739 what ?
@@tsuruginohikari6739 are you dumb
@@sidd8087 it's only as easy as you make it. All the information the "hacker" got was provided by the person being hacked...
I assume back in summer 2012, Amazon and Apple worked differently given Mat exposed crucial information. Honestly I don't get either how his credit card let his acc get compromised... They are terrible passwords.
Why did he expose most of his personal info online 🤦🏻‍♂️
He's a journalist.
And it was only his address and email. You know, stuff that you need to make known if you are a public journalist so that people can send things.
You do not have to give your address tho, e-mail I get it, but at least an e-mail address that is not linked to other social media accounts, etc.
@@phillydee3592 true but it's not crazy for him to do that at least compared to other people
he learned cybersec the hard way and that not everything is ever safe in the cloud
Anyone could do the same thing if they're petty enough and have lots of time.
Reasons you don't trust everything to the cloud. Making an offline backup of important things is essential. And when I mean offline I mean outside of your PC. I still have CDs from backups I did in 2005 lol.
Everyone here tries to argue which company failed... in reality, the TECH journalist is the only person who failed here. This is why you do not post your real information online, you use multiple email addresses with different aliases, different passwords, diff cards for diff accounts, even the spelling of your name, flip a couple of letters around and call it a typo if anyone questions, don't use cloud services for anything important. A tech journalist should know this and whatever you do, do not post your address and photos showing your house/street in the background etc. It's really easy to have your life ruined by someone driven.
Hackers ruined a mans life by picking up his dropped wallet. They opened a cheque account and stole his money. This was 1963.
If you read the fine print for iCloud, it will tell you that it’s not a backup and that you are responsible for your own back up method.
Aaaaaaaand I bet you my last dollar that if the Hacker tried the SAME THING AGAIN because Amazon & Apple ONLY Huff & Puff and do nothing else
The two step verification method helps because lately I’ve been getting emails saying that someone is trying to reset my password; which they can’t because then it would proceed with a voice verification, which is something I, myself have access to.
Use two-factor authentication on everything, especially social media, because it's a big target. Sure, it can be annoying, but less so than losing access to your accounts. Hardware keys are best, but authenticator apps work ok. Try to avoid text or email codes when possible since they are not encrypted and are easy to steal. (still better than nothing.)
android users having 2618372 google accounts:
When you rely on apple for protection😂
What ?
Did apple force him to share his fucking physical address to the public? or email? no. Go cry to your huawei piece of shit.
Well it isn’t Apple who caused this in the first place. Amazon gave the hacker literally everything they needed to hack not just into his Apple account, but his Twitter and Google too.
This is BS. I work for a security firm and do ethical hacking and penetration testing. Not everything is a movie or mission impossible.
Wait how can Amazon do that???!!! Also why do u need credit card for google authentication?? I think u skipped something......
Bwaaaaaahahahaaaa!! "DIGITAL JOURNALIST" gets crushed by his own lack of credential coverage.
I was a victim in Feb this year 😢. I don't know how. But I guess it was a computer virus that destroyed all my digital accounts. I used a lot of crappy software as I have a cellphone shop, I used this device to unlock phones etc.
That's why in India without an OTP (One Time Password) you can't perform a reset on a password. Even Apple is obligated.
No! A person working in technology who understood so little about it that he put everything needed to screw up his life online... surely not. It's not like my industry is now full of such people, dishing out commentary and advice to other people.
Somebody tried this on me a month ago 😂
My iCloud and Amazon started sending me verification codes and such. The wannabe hacker didn’t get shit 😂
So instead of using a redirect email that's available from Gmail, the tech journalist published both email and address?
Yup, that's a juggalo alright.
Life in prison is a bit soft for such a foul act.
Knowledge is power. Wisdom is greatness. You figure everything else out on your own. But still will make mistakes.
But also - don't leave easily identifiable information like your address or phone number on the internet... weird that a technology journalist doesn't know what age we live in
Btw, this is how most of the hacking is done. No fancy hacking the mainframe. It's just some kind of an asshole, pretending to be someone else.
This mostly shows the weakness in password reset system. Often 2fa is not really two factors as you can use one to reset the other. Security is simple until you need to set up new passwords without physical contact.
Hahhhhaahahhahaha the game never ends. Just make sure you pick the correct side. So if they ask you to do something. You might want to do it.
If Mat had two factor authentication, this probably could've all been prevented, if not completely, mostly prevented.
I don't care about journalists
The mention of the hacker's age implies their identity is known. Maybe mention their punishment to keep like-minded people at bay somewhat.
He must have done something personal to that 19-year-old because he went for the gusto
I tried to get my card number from us bank online and it wouldn't let me access it til I got a code sent to my phone. I was aggravated at the time but then I was like hmmm good idea.
Love how the people here think Amazon "ruined" his life.
It's not like it was his decision to use their services, lmao
Sounds like BS, or they omit a lot of details how it was actually done and how he messed up by doing something.
Why? What's in it for that 19-year-old student? This is beyond stupid.
Wasn't this the guy who made contact with the hacker and said tell me how you did it and I won't press charges?
Common Amazon L 🤡
Its ok, everything working just fine. Everyone just playing their role.
Dear god. I barely have energy to breathe. I wonder how some ppl get the energy to do shit like this.
Again this is why f2a is bad and anything other than password is wrong unless its physical.
Do people honestly trust "the cloud" with such important backups?
Wooow. Smh.. Lol
This is why you don't put your info on the internet. First thing all 90s kids knew.
They should turn it into a business. To delete you off the internet. I would pay for that for sure
This is why I don't have a digital life lol, not on any social media either
YouTube is a social media
This is why Apple products are not worth buying.
Why are people like this. For real man , making shat for others for no reason
This happened YEARS ago. All because the hacker wanted @mat.
A real failure by Amazon and Honan!
Mat Honan should have known better than to have NO backups. I taught my nephews and nieces to run the basic "Son, Father, Grandfather" backup cycle, especially when they were at University so if they had a data loss it would be limited to one day, and they are never left plugged into their laptop.
Yeah have TB upon TB of the most nasty porn backed up
He started making local backups...instead of using 2 factor.
"technology journalist"
- Street address out in the open
- You can log in to an Apple account with the last 4 digits of your credit card number, which can also be brute forced.
- Google account can be accessed via Apple account
Everything he has can be compromised just by guessing 4 digits. And his solution was backing up stuff locally. Bro losing your data is not even your main problem.
I call BS on the 4-digit login n all that, but if this is true that’s not a very good technology journalist.
‘Gotten’ in a non American accent sounds utterly pathetic. Toad.
That's why you need OTP or 2FA for added security measure.
What was even the point of this? Just seems like random malice.
Just saying that the clip showed him failing a captcha so he must be a robot
The reason why I don't use apple products bc of this sole incident
amazon create a new account after saying
your mail address sends OTP code
To reset the Apple account password, the last 4 of his CC were needed?
Bs story
What passes off as a "Technology Journalist" nowadays.
What did he do to piss who off so bad they wrapped this guy up like that?
I hate the way the terms "hacker" and "hack" have become so misused.
companies like gaytube telling you to enter your real name and address
His fault tho, like why show so much info. And amazon too
All because he had a coveted 3 letter username on twitter.
**Some** hackers also take revenge on greedy people or scammers
Some people in this world don’t deserve to use technology
lol what’s the point if he didn’t get any money out of it
Looks like he hasn't ruined his life, but taught three important lessons: 1)do your own backups, 2)limit the amount of identifiable info you're giving away and 3)don't use apple stuff.
Big W here.
1. Good advice if you know how to manage it
2. Best advice
3. Braindead advice
@@tdrg_ sorry mate, but modern apple stuff nowadays is just plain awful and their security is questionable at best.
@@PhobosTK as proven by?
This is so confusing and could've been so avoidable!
Technology "journalist" aren't human