nassarahmad
Beta member
- Messages
- 1
- Location
- Nassar
After the recent leaks of major celebrity I was curious on how all the personal data was actually taken. They claim ICloud hacks but I know it's not easy to hack the service so I knew they had to do it another way. So I took it upon myself to give it a shot. First let me say no personal data was actually stolen, taken used or even seen I just wanted to know if I could access it. It was simply an experiment I pulled on a friend. Also I get really bored at work and like to pick on my friends. So this is going to say how I went about getting the data.
Ok, first things first choosing a target. I had to make sure the target or anyone else involved would have no idea what I really wanted to do and would not even guess that I was trying to "hack" them. After you choose your target you gather all the information you can on them and keep it for password recovery's and security questions. To get this data you can look up anyone online and find all there information, mother's maiden name, address, phone numbers. All common security questions.
I was not able to recover the password I needed. G mail has really good security questions which would probably stop the real owner from recovering. So naturally I changed my tactics to social engineering and trying to come up with a scenario where I might need it.
The best part is the password was a variant of "password" one of the most common and easily guessed passwords ever and I highly recommend no one ever use that as a password. The hardest part is getting the password after that it's all smooth sailing.
Most People use the same passwords for multiple accounts so once you get one you can pretty much access half their accounts and most emails. Other services require a backup email to recover your password from so here you go now you have access to 75% of everything. I didn't even want to try messing around in any bank accounts but I'm sure if I tried I could have got in no problem especially because banks have generic recovery questions.
Now that you have all this you could probably get into someone's ICloud service no problem and go through all the data stored there but in my situation I couldn't. There ICloud wasn't set up. So again I had to find a way to get into their personal device to set up ICloud. What's the best way to get into someone's phone? Well after they have been drinking a bit people usually stop caring and you could do what you want and voila.
So the message here is when you see the little warning label that says “Never give your password to anyone†believe them.
*Again I did not ever open use or even look through any of their personal data once I found it worked the test was over and everything was shut down. And I will be linking said target to this page and hopefully she won't kill me and take it as a learning experience! If it was someone else it could have been used with bad intentions. And I'm not a Creep and I Hate you too.
Ok, first things first choosing a target. I had to make sure the target or anyone else involved would have no idea what I really wanted to do and would not even guess that I was trying to "hack" them. After you choose your target you gather all the information you can on them and keep it for password recovery's and security questions. To get this data you can look up anyone online and find all there information, mother's maiden name, address, phone numbers. All common security questions.
I was not able to recover the password I needed. G mail has really good security questions which would probably stop the real owner from recovering. So naturally I changed my tactics to social engineering and trying to come up with a scenario where I might need it.
The best part is the password was a variant of "password" one of the most common and easily guessed passwords ever and I highly recommend no one ever use that as a password. The hardest part is getting the password after that it's all smooth sailing.
Most People use the same passwords for multiple accounts so once you get one you can pretty much access half their accounts and most emails. Other services require a backup email to recover your password from so here you go now you have access to 75% of everything. I didn't even want to try messing around in any bank accounts but I'm sure if I tried I could have got in no problem especially because banks have generic recovery questions.
Now that you have all this you could probably get into someone's ICloud service no problem and go through all the data stored there but in my situation I couldn't. There ICloud wasn't set up. So again I had to find a way to get into their personal device to set up ICloud. What's the best way to get into someone's phone? Well after they have been drinking a bit people usually stop caring and you could do what you want and voila.
So the message here is when you see the little warning label that says “Never give your password to anyone†believe them.
*Again I did not ever open use or even look through any of their personal data once I found it worked the test was over and everything was shut down. And I will be linking said target to this page and hopefully she won't kill me and take it as a learning experience! If it was someone else it could have been used with bad intentions. And I'm not a Creep and I Hate you too.
