Last week Mat Honan was hacked … seriously hacked!
As Mat tells the story on Wired.com, “I realized something was wrong at about 5 p.m. on Friday. I was playing with my daughter when my iPhone suddenly powered down. I was expecting a call, so I went to plug it back in. It then rebooted to the setup screen. … I entered my iCloud login to restore, and it wasn’t accepted. … I went to connect the iPhone to my computer and restore from that backup — which I had just happened to do the other day.”
“When I opened my laptop, an iCal message popped up telling me that my Gmail account information was wrong. Then the screen went gray, and asked for a four-digit PIN. I didn’t have a four-digit PIN. … By now, I knew something was very, very wrong.”
In a matter of minutes someone had taken over his Apple iCloud account and remotely wiped his iPhone, iPad, and MacBook. Everything was deleted … his apps, his documents … all of his photos of his young daughter … everything gone in the blink of an eye!
So how did this happen?
It was easier than you might think, and it didn’t involve sophisticated software to crack his password. It involved a few clever tricks – chaining together Twitter, Gmail and Amazon – that gave the attacker Mat’s mailing address and the last four digits of the credit card on his iTunes account. That was all Apple required to reset Mat’s iCloud password, which handed the attacker full access to Mat’s data, including the ability to remotely wipe every device associated with that iCloud account … which he promptly did.
You really should read Mat’s full account of what happened – it is fascinating and thought-provoking – and give serious thought to your personal online security. And if your business has a BYOD policy, your employees are almost certainly using Twitter, Gmail, Dropbox, Box and other online services on the same devices that hold corporate data, so the same kind of account-recovery chain could put your corporate information at risk.
So how can you avoid being hacked like Mat was? First off, you should know that Apple has suspended password resets based on a mailing address and the last four digits of a credit card number, so that particular path is closed for now, though Apple has described the suspension as temporary.
Farhad Manjoo, writing for Slate.com, outlines four steps you can take now to protect yourself.
- Turn on two-factor authentication now! Google offers it for Gmail, and had Mat been using it, the attacker could not have taken over his Gmail account with a password reset alone.
- Back up your files! Use Time Machine on your Mac. If you’re not using a Mac, find an online service that will back up all of your files. There are many affordable options; there is no excuse for not backing up your data.
- Turn off “Find My Mac”! As currently implemented it is not very secure, and turning it off means that someone who takes over your iCloud account cannot remotely wipe your hard drive.
- Create a single, secret email account used only for password resets! Don’t use your everyday email address for this; an address nobody knows about makes it much harder for an attacker to chain password-reset requests from one account into the next.
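The chain described above is really a reachability problem: each account’s reset policy says which facts or other accounts an attacker needs, and public facts plus one weak policy can cascade all the way to a remote wipe. The following Python model is an added illustration, not code from the original post, from Wired or from Slate. The account names, the starting facts and every reset rule are simplified assumptions that follow the sequence the post describes (Amazon trick, card digits, iCloud, Gmail, Twitter, remote wipe); they are not a record of any provider’s actual policy.

```python
"""Account-recovery chains as a reachability problem (constructed example).

A rule says: an attacker who already holds every asset in `needs` can obtain
`gains`. Several rules for the same `gains` are alternatives. A rule with an
empty `needs` set is a precondition that simply holds (e.g. a feature is on).
All names and rules here are illustrative assumptions, not real policies.
"""
from typing import FrozenSet, List, Set, Tuple

Rule = Tuple[str, FrozenSet[str]]


def rule(gains: str, *needs: str) -> Rule:
    return (gains, frozenset(needs))


# Assumption: for a well-known person, name, primary email address and
# mailing address are discoverable without any hacking at all.
PUBLIC_FACTS: Set[str] = {"name", "email_address", "mailing_address"}

# The graph before any fix, following the chain the post describes.
BEFORE: List[Rule] = [
    # Amazon-side trick yields the last four digits of the card on file.
    rule("card_last4", "name", "email_address", "mailing_address"),
    # Apple's reset required only mailing address + last four digits.
    rule("icloud", "mailing_address", "card_last4"),
    # Assumption: the iCloud mailbox was Gmail's recovery address.
    rule("gmail", "icloud"),
    # Assumption: Gmail was Twitter's recovery address.
    rule("twitter", "gmail"),
    # Find My Mac/iPhone was on, so whoever holds iCloud can wipe devices.
    rule("find_my_mac_enabled"),
    rule("remote_wipe", "icloud", "find_my_mac_enabled"),
]

# The same graph after the user-side steps from the post: Gmail now resets
# only via a secret mailbox AND a one-time-code device, and Find My Mac is
# off. Apple's own reset rule is unchanged because only Apple can fix it.
AFTER: List[Rule] = [
    rule("card_last4", "name", "email_address", "mailing_address"),
    rule("icloud", "mailing_address", "card_last4"),
    rule("gmail", "secret_reset_mailbox", "otp_device"),
    rule("twitter", "gmail"),
    rule("remote_wipe", "icloud", "find_my_mac_enabled"),
]

ACCOUNTS: Set[str] = {"icloud", "gmail", "twitter", "remote_wipe"}


def reachable(known: Set[str], rules: List[Rule]) -> Set[str]:
    """Fixed-point closure: apply rules until nothing new can be gained."""
    have = set(known)
    changed = True
    while changed:
        changed = False
        for gains, needs in rules:
            if gains not in have and needs <= have:
                have.add(gains)
                changed = True
    return have


def exposed_accounts(known: Set[str], rules: List[Rule],
                     accounts: Set[str]) -> List[str]:
    """Accounts the attacker ends up holding, sorted for stable output."""
    have = reachable(known, rules)
    return sorted(a for a in accounts if a in have)


def missing_for(target: str, known: Set[str], rules: List[Rule]) -> List[List[str]]:
    """For each rule that yields `target`, the prerequisites the attacker still
    lacks after closure; an empty inner list means that rule fires."""
    have = reachable(known, rules)
    return [sorted(needs - have) for gains, needs in rules if gains == target]


if __name__ == "__main__":
    print("before:", exposed_accounts(PUBLIC_FACTS, BEFORE, ACCOUNTS))
    print("after: ", exposed_accounts(PUBLIC_FACTS, AFTER, ACCOUNTS))
    print("what still blocks gmail:", missing_for("gmail", PUBLIC_FACTS, AFTER))
```

Running it shows that the user-side steps shrink the blast radius (Gmail, Twitter and the remote wipe drop out) but the iCloud account itself stays reachable from public facts, because that link is Apple’s reset policy and only Apple could close it, which is what the suspension described above did. The useful exercise is to write down your own accounts and their recovery paths in this form and see what is reachable from what a stranger can learn about you.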
In a prior blog post, we cautioned against simple, easy-to-guess passwords and recommended using a password manager as an additional layer of security. But Mat Honan’s experience shows that strong passwords alone are not enough when an account can be reset with information an attacker can obtain elsewhere. As online and cloud services become more mainstream, security concerns will likely take center stage.