|
|
|
|
|
|
by neuralzen
2514 days ago
|
|
|
Unfortunately it is never that simple. Even if you have thing well plugged on your end, other software /services that interact may provide a path. I recall one instance a few years ago where a hacker chained password recovery services together to breach an apple account, by bouncing through Amazon. One of the password recovery methods for Apple at the time was providing the billing address, and at Amazon you could recover a password by providing the full CC# of a card on file. But Amazon also let you add a CC# for an account you weren't logged into, so the hacker got a Visa giftcard, added it to the Amazon account of the victim, reset the Amazon password with that CC#, and then used the shipping address in Amazon to recover the Apple account password. Then there are the security holes that exist and are known about by select groups which they sit on and use for big plays... |
|
|