Tech Journalist Mat Honan’s Horrific Hack Story & How You Can Keep Your Cloud (Online) Data Safer: Over the weekend tech journalist Mat Honan had his Gmail, iTunes (Apple’s music/video store), iCloud (Apple’s online storage account for Apple Mac, iPhone and iPad owners), Amazon and Twitter accounts broken into. It seems a 19-year-old hacker liked Mr. Honan’s Twitter name and decided to hijack his accounts to that he could post comments on Twitter from said Twitter account. This hacker and his partner succeeded in their hack in the main because Apple and Amazon, in their quest to be user friendly companies that make the process of buying items online easy; didn’t have and/or follow appropriate security measures. It turns out that the hackers were able to break into all Mr. Honan’s linked accounts by searching for his address information online, breaking into his Gmail account and obtaining his alternate email address and then by calling Amazon twice. The first time the hacker called Amazon he pretended to be Mr. Honan and asked to attach new credit card number for purchases to his account which Amazon Customer Service allowed him to do; and the second time he called he claimed he had forgotten his (Mr. Honan’s) log in information but could provide a credit card number – the credit card number he had given a different Amazon representative minutes before – and with this information in hand the hacker and his partner were able to also log into Mr. Honan’s iCould account and both re-set his iCloud log in information and remotely erase all the information he had stored on his iPad, iPhone and Mac – including photos of the first year of his young daughter’s life.
Mr. Honan knew within half an hour of the hack that someone had broken into his accounts and spent a great deal of time and effort on the phone with several Apple Customer Care reps to try and sort out the issue. Because Mr. Honan was quickly aware of the hack within a few days he was able to get access to most of the hacked accounts restored. However, he is still trying to restore access to his Gmail account and to get his iCloud data restored. And Mr. Honan knows all the details of this saga because after the hack he was contacted by none-other than the hacker himself who explained in detail how the hack had been carried out.
And I think two of the big things we can take-away from Mr. Honan’s experience are:
1) Back Up Your Data: Always back up important personal data like irreplaceable photos either to an external storage device or an online data storage site. Mr. Honan as a tech journalist does state that the fact that he didn’t back up his data was his own fault and a big mistake.
2) Don’t Use The Same User ID For All Your Online Accounts: Don’t link all your online accounts by using same user ID. Mr. Honan’s experience wouldn’t have been quite as horrific if he had used a different user ID for his Apple iCloud account as compared to using the same user ID for that account that he used for his Apple iTunes account; because the hackers wouldn’t have been able to get into his iCloud account with that same information (and thus would not have been able to remotely wipe out all the information he had stored on his iPad, iPhone and Mac).
And two other things we should all remember to keep our online accounts safe regard passwords:
1) Don’t Use Simple Passwords: It is human nature to want a simple password for an online account – one that you can easily remember. However, if you can easily remember your password then it may be one that hackers can easily guess. One of the ways to create a password you can remember that isn’t simple to guess but is simple for you to remember is to turn a catch phrase into a password. For example, CNET gives the following example using the phrase “I hope the Giants will win the World Series in 2013!” – they take the first letter of each word as it appears in the sentence and use those letters along with the four digit year to create a password. Thus the phrase “I hope the Giant will win the World Series in 2013” becomes IhtGwwtWSi2013! – and that is a much better, safer and harder to crack password than some of the simple easily cracked passwords people tend to use like “123456,” “11111,” “qwert” or the first name or birthday of the password owner.
2) Don’t Use The Same Password For All Your Accounts: This is another item in the – it is human nature vein to want passwords to be easy to remember. Many online residents in trying to remember their passwords use the same password for all their online accounts – and that is a big no-no; because if your log in information for all your accounts consist of the same email address for the user ID and the same password for each account – a hacker can break into all your accounts by determining what your email address and password are.
CNET offers two great articles on the subject of creating secure passwords. The first is titled The Guide to Password Security and Why You Should Care and it offers additional insight as to why this issue is so important today. Here’s the link:
And the second CNET article is titled How to Master the Art of Passwords, and it describes just that – how to create great passwords:
http://howto.cnet.com/8301-11310_39-57347932-285/how-to-master-the-art-of-passwords/
Likewise the tech site Gigaom offers an article titled 6 Ways to Keep Your Data Safe in the Cloud which discusses ways you can protect your online date; it can be accessed at this web page:
http://gigaom.com/cloud/6-ways-to-keep-your-data-safe-in-the-cloud/
And for those who’d like to know more about Mat Honan’s story here are links to two articles that offer the entire story;
The first is a simple overview from the New York Times Bits Blog, titled Apple Account Break-In Highlights Security Weakness:
http://bits.blogs.nytimes.com/2012/08/06/mat-honan-itunes-hack/?ref=technology
And the second is from Mat Honan himself, via his Wired column, in an article titled: How Apple and Amazon Security Flaws Led to My Epic Hacking:
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
Linda R.
Tech & Book Talk at SSCL 