With just a few easily obtained details in hand, a hacker can drastically change your life. Wired technology reporter Mat Honan’s digital life was recently destroyed by a couple of hackers who ultimately sought access to his three-letter Twitter handle, @Mat. Within a matter of minutes, they deleted his Google account, erasing years of communication with technology influencers. They wiped each of his Apple devices, including all existing photos of his baby daughter. And finally, they took over his Twitter.
Mat has written a full account (a worthwhile read) on how these hackers destroyed his digital life with such ease. Access to Mat’s Gmail led them to his billing information stored in his Amazon account, which provided them with the credentials to access his Apple ID and iCloud, and eventually his Twitter handle.
Mat’s story has had a strong impact on the security and technology industries. As professionals and consumers, what can we learn?
- Use two-factor authentication—Mat believes that had he set up two-factor authentication on his Gmail account, the hack would have been foiled from the start.
- Avoid linking accounts when possible—Mat’s various accounts were all linked, providing access to one another.
- Vary your email addresses—Mat’s email addresses each had the same basic format, so the hackers could guess any that were unknown.
- Back up your data to a physical location—Mat lost private photos and documents that were saved only on his computer and iCloud.
- Be wary of using the Find My Mac tool—Hackers can use this tool to remotely wipe your computer.
One of the hackers has been in touch with Mat since the incident, saying, “He likes to publicize security exploits, so companies will fix them. He says it’s the same reason he told me how it was done.” It’s true—this story has highlighted a number of security holes in the companies we trust most with our personal data. Apple, for instance, has put a lockdown on over-the-phone Apple ID resets, and Amazon will no longer allow customers to change account settings via phone.