Last Friday Mathew Honan, a tech reporter with Wired.com, experienced a hacking incident that perfectly illustrates the vulnerabilities we expose when we rely on cloud services, linked accounts, and — especially — use of one favorite master password for multiple accounts. There’s another moral to this story: back up your stuff, and not just to the cloud!
The trouble started Friday when Honan noticed that his iPhone suddenly quit working. This was followed by a quickly growing realization that a hacker had gained access to his iCloud account, remote wiped his iPhone, remote wiped his iPad, and then accessed other accounts, including changing his Google account password and hijacking his Twitter account.
As the story unfolded, Honan found out that the hacker hadn’t actually cracked any of his passwords; he merely talked an Apple representative into believing he, the hacker, was actually Honan. Eventually, Honan discovered that by using the last four digits of his credit card, displayed in his Amazon account, the hacker was able to verify with Apple that he was Honan. This sort of thing is called “social engineering,” and things like your answers to your account’s secret questions can be easy for people to guess or find on the internet. Don’t use questions and answers that anyone can figure out by Googling you, or stalking you on Facebook. This includes kid and pet names!
And there are some needed security procedure changes at companies like Amazon and Apple, too, as Honan’s Wired.com story about the hack shows. Check out his story, which went online today, for a complete overview of exactly how the hack occurred.
Another immediate takeaway from this story is the need to use complex passwords that are eight characters or longer and to change them on a regular basis. This MacWorld article discusses Honan’s situation and goes into quite a bit of depth about creating a secure password.
Next lesson: don’t trust the cloud with the only copies of your data. There are inexpensive software packages and external drives you can use at home to back up your data on a regular basis.
Finally, if you use Facebook or Twitter, double-check which applications you’ve granted access to these accounts. The well-known gadget review blog Gizmodo found its Twitter account hacked because Honan’s Twitter account was linked to it.