I never got the band name or least favourite job, though. Paul did confirm that the answer to the teacher question was on my list though, so I would have eventually come to the right one.
After less than a dozen attempts at guessing, I was locked out of his account for eight hours. I also got a list of artists he’d liked on Facebook and picked the earliest as my first guess. I used this to get a list of teachers from this high school from a teacher rating site. So now I just need to know two of the following: the name of the first album he owned, the name of his favourite teacher, or his least favourite job.įrom Facebook I found out which high school he’d attended.
That got me past the first two steps on the password reset site. We’re already friends on Facebook, where his birthday is available, and I already had his personal Gmail address (which is also available online following a quick Google search). Getting Paul’s date of birth and email address was easy. To see how difficult it is to crack someone’s account, we’re going to try and access each other’s accounts and see how far we get. The Guardian has seen forum threads where people have allegedly used the methods above to access people’s iCloud back-ups to obtain photos. What is the name of your favorite sports team? What is the name of the first beach you visited? What is the name of the street where you grew up? What was the first name of your first boss? Here are a few of the 21 security questions you can choose:
The main issue with this setup is that if you’re a celebrity, or are someone who has been using social media for a long time and revealed various details about your life, then the answers to the security questions could be available online.
While we don’t know the exact method people used to access celebrities’ accounts, Apple did release a statement which appears to confirm that a method similar to that described above was used. Once you have access to their Apple ID, you can access recent photos and back-ups if they have these features enabled. If you have all these, you’re able to reset their Apple ID password to one that only you know and then access their iTunes and iCloud accounts.
This is assuming they don’t have two-step verification enabled. Accessing someone’s Apple account requires only three things: their email address, their date of birth, and the answers to two out of three security questions.