The “Break it Down” Blog

They say that the chain is only as strong as the weakest link… unfortunately for you, if that weakest link is a retarded Customer Service Rep at Apple and he’s reading an email that says:

am forget my password of mac,did you give me password on new email marko.[redacted]@yahoo.com

And decides “Heck, I should probably email this random person that account’s password and be done with it”, you are in a world of hurt.

Did I mention that this is exactly what happened to Marko Karppinen?

The worst part is that I don’t think this is that far out there… I think most Customer Service Reps that work at these CS Centers are so under educated about security that they think they are helping… like calling AOL and telling them “your internet is full!”, they just want to help.

Unfortunately for Marko this means that whoever got access to his account also has access to:

• Personal details
• Personal email
• All the files stored on my iDisk
• Everything I’ve synchronized to .Mac, including my Address Book, Bookmarks, Keychain items, etc.
• My credit card details as stored in my Apple Store profile
• My iTunes Music Store Account
• My ADC Premier membership, including the software seed key and other assets
• The iPhone Developer Program’s Program Portal, including details of our development team

That’s just insane… this is certainly the downside to the “sync everything to a central account” approach that Mac provides… when things fall apart, they fall apart hard. What if that person farmed his address book, email and erased (or copied) his iDisk before logging off? Well that sure sucks, but Apple isn’t going to help Marko out here, how could they?

Besides changing his password and watching his account like a damn hawk, I doubt there is much else Marko can do.

Good luck buddy, I hope nothing bad happens.