iPhone dev: Apple gave out my password
Marko Karppinen, an ADC Premier member, iPhone developer, and user like the rest of us, had his personal information released by Apple to an unknown third party, simply because of this one-line email:
am forget my password of mac,did you give me password on new email marko.[redacted]@yahoo.com
Apple -- apparently with no additional research -- reset Karppinen's password, and changed the email address on the account to the perp's. As a result of the login change, the perp had access to Karppinen's credit card details, developer software seed key, and the contents of his iDisk.
Karppinen, understandably, was livid, and sent ADC an email about what happened. A team lead from ADC's European support organization contacted Karppinen, apologizing for the mix-up. The rep promised to find out (from Apple's own logs) what information was compromised.
Apple has so far not commented on the incident, outside of what Karppinen says the ADC rep told him. It's unclear what Apple will do in the future to prevent this from happening again.
[Via Daring Fireball and The Consumerist.]



Reader Comments (Page 1 of 2)
Mathias said 12:45PM on 7-09-2008
"It's unclear what Apple will do in the future to prevent this from happening again."
Maybe... Ask for confirmation? Just a thought.
farfisa said 12:49PM on 7-09-2008
Somebody better tell them that those other emails aren't really from Bank of America and they don't really need to update their banking information by clicking the link in said emails.
Erno Miettinen said 12:49PM on 7-09-2008
This is sick.
Oliver said 12:49PM on 7-09-2008
He might wanna brush up on his grammar skills first.
Andrew said 8:41PM on 7-09-2008
He? You mean the criminal that sent the stupid message in the first place? If anything that should have told Apple something about the person emailing them.
Travis said 12:50PM on 7-09-2008
Why would anyone store their CC numbers on a web page?
Maybe Apple was confused by his email.
I still don't understand what "am forget my password of mac,did you give me password on new email marko.[redacted]@yahoo.com" means.
Desterado said 12:55PM on 7-09-2008
Way to NOT read. They are not "Stored on a web page", they are stored in his Apple Store profile like many many other people. Many websites automatically store your credit card info for future purchases.
Carl said 1:29PM on 7-09-2008
Can we please not take every totally subjective and one-sided private blog (not news) story and put it up as facts?
The headline of the "article" on his page is so attention whoring, it really hurts.
It so happens, the man has a Mac software company...
Stop writing crap articles that start with "Apple has done x and y to me" !!!
All I read is: I am a total douchebag that wants someone to listen to me.
Doesn't it strike anyone suspicious that the dude that took his details obviously knew this guy? Why didn't he even delete the message from .Mac if he already had the Apple ID password?
Geeez, he must have been a real moron. "Hacks" that account and then leaves his name and email address behind... hmmmmm
homagetogorto said 1:18PM on 7-09-2008
"It so happens, the man has a Mac software company... "
... that happens to sell encryption and backup software. Hmmm.
King Fysel said 12:55PM on 7-09-2008
All your passwords are belong to us.
tim said 12:56PM on 7-09-2008
To those who aren't understanding it: a phisher sent that forged email directly from his own email account to Apple saying "Hello, I have lost my password, can you send me login info for my account, and change it to match this email marko.[redacted]@yahoo.com?" and Apple did without checking anything, let alone the horribly broken grammar.
And to the guy who asked why you'd store your credit card anywhere, it's because he had to to use their services.
JasonL said 1:05PM on 7-09-2008
Alright already. Enough with this stupid story. It's been on Digg, it's been on Consumerist, it's been on AppleInsider, it's been on CultofMac, it's been on MacRumors, etc etc etc.
How many sites need to post the same daggone story?
ryan10ad said 1:18PM on 7-09-2008
A hell of a lot until they find the (bad word) guy who sent that first email. Then the employee.
James said 1:37PM on 7-09-2008
Not everybody reads exactly the same sites you do. This is the first I heard of it. How many sites can post this story? As many as have readers that might find it interesting.
Tony said 1:54PM on 7-09-2008
Well it certainly hasn't been on MacRumors, or AppleInsider. Never heard of the two others and I never look at Digg, so this is the first I've heard of it too.
Pretty poor that Apple don't have proper security procedures... in fact unforgivable for a company that size.
Dave said 3:10PM on 7-09-2008
Funny, this is the first place I saw that story even though I read many of the sites you say covered this first.
Even though you've been voted down to non-existence with your comment, I do understand the frustration with what has become essentially the "echosphere."
If you read more than one Apple site, you're bound to get duplicate stories. What's really sick is you often get something like this: TUAW has an article that says Ars is reporting blah blah blah, and then when you get to Ars, it says "Gizmodo is reporting", link to Gizmodo which says "We found this story on MacWorld" ad nauseam.
If it's driving you nuts, you're probably reading too many RSS feeds. Either trim them down, or just deal with the duplication of stories. Guess what, it's not just the blogosphere that this happens in. Turn on the TV sometime and check out the local news. ABC talks about the big fire in Malibu, turn to NBC, and duh! they have a story on about the fire as well. Damn them, how dare they run a story that ABC did, well that's it, I'm tuning in CBS. Oh oh! They've got a story running about the fire. Unbelievable bastards! And then of course, you'll get the NBC newscast that will start out with "The Los Angeles Times today is reporting blah blah blah", and then if you go to the newspaper, you'll find they're citing some other source.
I don't know if this means there's not enough stories out there, or there's too many outlets for the stories that are out there, but it's the state of current modern media.
Hey, I may clean these thoughts up, flesh them out a bit, and post them on my blog at http://thedigitaldive.net/blog/ thanks for the story idea.
CaptSaltyJack said 3:29PM on 7-09-2008
Your rant is ridiculous. It's like if there was this guy who subscribed to eight different newspapers across the country, and kept bitching about seeing the same articles.
Congrats, you're a moron.
Michael May said 6:04PM on 7-09-2008
"Hey, I went on my RSS feed today and all my mac news sites were reporting about the same Steve Jobs keynote!"
o.0
ars_workerbee said 1:18PM on 7-09-2008
"As a result of the login change, the perp had access to Karppinen's credit card details..."
Unless you count the last 4 digits of a credit card number as "details", that's patently untrue.
Apple does not allow you to view your CC details through your account other than the last 4 digits.
It is true that he could have used the stored card data for iTunes Store purchases, but that's about all.
mark said 1:23PM on 7-09-2008
I don't know what is worse: the poor grammar in the email, or the IDIOT who works at Apple. Can I have a high paying job at Apple too? I promise to be a complete moron and screw things up just as fast as I can.