Recently in the news, a staff writer for Wired suffered a massive hack attack when criminals got hold of his Apple ID information. Through that one access point, they were able to wreak havoc on his accounts, change his passwords, take over his Twitter – even remotely wipe his devices, erasing precious family photos.
Mat Honan was the recent victim of an all-out assault on his digital life, and it all started with Apple security faults. Using the last 4 digits of his credit card number and his mailing address, hackers were able to infiltrate his Apple ID account, and from there change the password on it and on other accounts linked to it.
Not only was Mat hacked, he was completely locked out of everything, and by the time he realized what was happening, it was too late. Part of the problem was some obvious security flaws with Apple – they let hackers retrieve his account and reset a password without answering his security questions, and only required information that was easily accessible online.
However, it wasn’t just Apple’s security flaws that caused this domino effect – it was that so many accounts can be accessed through one another. Think about how many things you can do by ‘logging into Facebook’, and then think of all of the information you have stored with that account.
Quick and easy access with interconnected accounts is no doubt convenient and streamlines a lot of processes for us, but in this case, you get a glimpse of just how risky it can be. If a hacker gets into one of your accounts, how many more would he have access to?
It’s a scary proposition, and one that can wreak havoc on your personal, digital, and financial life incredibly fast. So what steps are you taking to prevent this from happening to you?
Here’s a quick rundown of some of the top security tips to prevent interconnectivity from biting you in the ass:
- Use two-factor authentication – One of the reasons the hackers who attacked Mat Honan were able to get into his accounts so easily was that the accounts only required a password to access them. With two-factor authentication, you’re required to use two different forms of identification, usually a password or something digital to verify, and then something physical.
- Keep passwords unique – One really easy way a hacker can get the keys to your online kingdom is by trying one of your passwords on multiple accounts. Ask yourself – would it work in your case? Never use the same password for more than one account.
- Use a password manager – If keeping your passwords unique and secure is more than your brain can handle (and let’s face it, who remembers all of that?), then you may want to look into using a password management service. These services allow you to store your passwords all in one place using one ultra-secure key to access them easily.
Another thing to keep in mind with Mat’s story is that he also didn’t have his devices backed up, resulting in the incredibly unfortunate loss of some irreplaceable photos of his daughter, among other things.
In his own post about the incident, Mat kicks himself for not keeping current backups of his devices, and blames himself for that loss. Even one of the hackers responsible for the problem lamented the loss of these photos, saying it was the actions of his partner that led to the unauthorized remote wipe of Mat’s devices.
If you’re not already backing up your devices, you can be at just as much risk for this as anyone else. Even if nobody hacks your accounts and remotely wipes your devices, just having the devices stolen can mean that everything on them is gone for good. If you’re not already using an online backup service, look into one right away.
If there’s one thing we’ve all learned from this unfortunate experience, it’s that there are some major downsides to all of that convenience and connectivity. We can never rely on the security of one account to protect the rest, and unfortunately, sometimes we can’t even count on Apple to follow their own security protocols.
Play it safe, follow these tips, and always be conscious of what a hacker would have access to if even one of your accounts were infiltrated.