All the security in the world can be rendered useless by human error, it seems. Marko Karppinen, a software designer, says Apple gave his password to someone who simply emailed them and asked for it.
Allegedly, the following email was enough for Apple to hand over Marko’s login information to a stranger with a yahoo.com email address:
am forget my password of mac,did you give me password on new email marko.[redacted]@yahoo.com
The stranger then logged in to Marko’s account and changed his password. Fortunately, the security question stayed the same and he was able to regain access to his account. Meanwhile, the stranger had access to:
- My personal details
- My personal email
- All the files stored on my iDisk
- Everything I’ve synchronized to .Mac, including my Address Book, Bookmarks, Keychain items, etc.
- My credit card details as stored in my Apple Store profile
- My iTunes Music Store Account
- My ADC Premier membership, including the software seed key and other assets
- The iPhone Developer Program’s Program Portal, including details of our development team
Apple just gave out my Apple ID password because someone asked [Karppinen](Thanks, Ivy!)