Lessons to learn from Mat Honan’s epic hacking

If you haven’t read about this hack already, take 20 minutes out of your day and read through the article attached below. While the importance of complex passwords, separating your accounts and more can’t be over-stated, there some simple things you should do right away, for example:

  • Enable two-factor authentication in Gmail so that accessing it requires two items — your password and a one-time code — to make it tougher to get in.
  • Facebook has a few security settings that you should make use of. Spend a few minutes, clear out unknown sessions and devices, and enable notifications when your account is accessed on an unknown computer/device.
  • Don’t ‘daisy chain’ your critical accounts — ie, prevent making two very active accounts the recovery/backup account for each other.
  • This one is for everyone that has asked me for this advice over the last 5 years — no, don’t click on a link or open an attachment to something you do not know or understand. If it was really important, the person will find a way to make sure you see it.

The article is a worth read to understand sometimes how simple it is to get access to your life. Don’t get me wrong, I’m a big advocate of the web in terms of function, use and all that pretty stuff. But everything has its cons so let’s not be careless about it.

To the experts, I say we really need to look at some standardization. The line — ‬’[t]he very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification’‪ — concerns me deeply.

Meet Mat Honan. He just had his digital life dissolved by hackers. Photo: Ariel Zambelich/Wired. Illustration: Ross Patton/Wired
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
Chirag Desai @Chirag