The reality of everything concerning your online security took an oddly frightening turn this weekend when well-known tech writer Mat Honan’s digital life was “destroyed” in the span of an hour. You can read his full and scary account for Wired of what happened when hackers took control of not just his Gmail, Apple iCloud and Twitter accounts but also gained remote control of his iPad, iPhone and MacBook. Yes, he lost control of an iPhone that was being wiped and rebooted remotely, right in front. of. his. face. And there was nothing he could do to stop it. But there were things he should have done.
And there are things that you should do too.
First, Mat Honan was targeted because he had a valuable and rare three-letter Twitter account name, @mat. The hackers wanted a valuable target, and the reality is that most of you reading this are very, very unlikely to be singled out for a specific, targeted hack like this… But it may happen, and larger-scale thefts of passwords and account data happen regularly, so don’t think you’re immune.
According to the story, in his discussions with one of the hackers (yes, I find that odd too, and more on that later), the hacker told Honan that the @mat handle had been the original target. But in the scorched-earth mentality of many a hacker, they also erased all of Honan’s data, including his photo collection of his year-old daughter. I find the part where he talks with this hacker, and almost reads like he understands and forgives him, a bit hard to swallow. The pessimist in me almost smells something fishy here, like Mat knew that this story would attract a lot of attention. But I am going to assume it’s all for real, and the reality is that the message is very important.
You really should read the full account of how simple this was for the hackers to pull off, but for those of you who are lazy, here’s the gist: the hackers exploited the fact that both Amazon and Apple would give out, and accept, a person’s account details over the phone without any traditional hacking at all. In this instance it came down to convincing a careless customer service rep to change account information, using details gathered from Honan’s public online presence. The little bit of information Amazon exposed once it had been convinced it was talking to Honan was exactly what Apple’s support then accepted as proof of identity for an iCloud password reset… From there the destruction began. Both are giant, gaping security holes, and both Amazon and Apple claim they have now fixed them.
But if you have a Gmail account, especially if the username before the @ is the same one you use for iCloud, Hotmail and the rest, please turn on Google’s two-factor authentication (Google calls it 2-step verification). It is a bit of work, but it means a stolen or reset password alone no longer gets anyone into your account… It is also important that you consider your passwords. “pass123”, your birthday or your kids’ names just aren’t going to cut it. Make each one at least eight characters (longer is better), mix upper- and lower-case letters, numbers and symbols, and don’t reuse the same password on more than one site… A password manager like the much-loved 1Password will generate and remember them for you. If you’re an iCloud user, turn off “Find My Mac” until Apple closes its hole, and don’t use your iCloud email as the password recovery address for Gmail, Hotmail, Yahoo! and others…. Set up a blind account that you use only for this purpose, and that nothing else points at, so a break-in at one service can’t be turned into a password reset at the next… (the new Outlook.com would be great for this)…
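To make the chain concrete, here is an added example (my own illustration, not code from Honan’s piece, Apple or Amazon) that models the recovery relationships described above as a small attack graph and computes how far one social-engineered phone call spreads, before and after the advice above is applied. All the account and fact names are made up for the illustration; the “last four digits of the card” step linking Amazon to Apple and the Twitter-via-Gmail step are assumptions, marked as such in the comments.

```python
"""Account-recovery chain as an attack graph (illustrative names only).

Each target lists the alternative ways in; each way is a set of things the
attacker must already hold (a leaked fact, a credential, or control of another
account). Compromise is computed as a fixpoint: a target falls as soon as any
one of its alternatives is fully held.
"""


def compromised(recovery, start):
    """Return everything reachable from the facts in ``start``.

    ``recovery`` maps target -> list of prerequisite sets (an OR of ANDs).
    """
    held = set(start)
    changed = True
    while changed:
        changed = False
        for target, alternatives in recovery.items():
            if target not in held and any(need <= held for need in alternatives):
                held.add(target)
                changed = True
    return frozenset(held)


def blast_radius(recovery, start):
    """Targets that fall, excluding what the attacker began with."""
    return sorted(compromised(recovery, start) - set(start))


# What the attacker has before touching any account: public information.
PUBLIC_INFO = {"name", "email", "billing_address"}

# The chain as the post describes it (devices fall through Find My iPhone/Mac).
# "card_last4" as the Amazon->Apple link and twitter-via-gmail are assumptions.
BEFORE = {
    "amazon_account": [{"name", "email", "billing_address"}],  # support rep convinced by public info
    "card_last4":     [{"amazon_account"}],                    # assumed: partial card number visible once inside
    "icloud":         [{"billing_address", "card_last4"}],     # assumed: what Apple support accepted for a reset
    "gmail":          [{"icloud"}],                            # iCloud address was the Gmail recovery address
    "twitter":        [{"gmail"}],                             # assumed: Twitter reset mail lands in Gmail
    "iphone":         [{"icloud", "find_my_mac_on"}],          # remote wipe needs the feature enabled
    "ipad":           [{"icloud", "find_my_mac_on"}],
    "macbook":        [{"icloud", "find_my_mac_on"}],
}

# The post's advice applied: a blind recovery address that nothing else points
# at, two-factor on Gmail, and Find My Mac switched off (so the attacker no
# longer holds "find_my_mac_on"). Apple's own hole is left in place on purpose,
# to show what still falls until the vendor fixes its side.
AFTER = dict(BEFORE)
AFTER["gmail"] = [{"blind_recovery_account"}, {"gmail_password", "phone"}]


if __name__ == "__main__":
    print("before:", blast_radius(BEFORE, PUBLIC_INFO | {"find_my_mac_on"}))
    print("after: ", blast_radius(AFTER, PUBLIC_INFO))
```

Run as-is, the “before” graph shows everything falling from nothing more than a name, an email address and a billing address. In the “after” graph the Amazon account, the card digits and the iCloud account still fall, because nothing the user does fixes Apple’s reset policy, but the blind recovery address cuts the iCloud-to-Gmail edge, two-factor means the Gmail password alone is not enough, and with Find My Mac off the devices are no longer reachable. That is the whole point of not chaining recovery accounts together: you limit how far one vendor’s mistake can travel.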
The bottom line is that as we move to putting all of our stuff in the cloud, not just Apple’s iCloud, the chances of our data and information being stolen keep growing… You need to take the time and steps to protect yourself.