Wired Magazine journalist Mat Honan had his life hacked over the weekend. Hackers exploited security weaknesses in Amazon and Apple’s iCloud service to take over his Twitter account and Google account. They used the Twitter account to post all sorts of racist and homophobic messages. That’s embarrassing, but it’s also minor compared to what else he went through.
In a nutshell, the hackers were able to disable his iPhone, disable his iPad, and wipe his MacBook. As in erase everything, including the last year or two of photographs of his young daughter. (Foolishly, Mat did not have a backup, and he accepts that if he had one, certain irreplaceable things probably wouldn’t be lost forever.)
If you are at all concerned about having someone take over your digital life, you need to read that article in full. Right. Freakin’. Now. You need to understand just how easy it was for these hackers to bypass the security measures at Amazon and Apple. Once the hackers got through those, everything else was even easier.
Don’t think for a minute that Mat Honan set himself up as a target for hackers. They did it for a very simple reason that had nothing to do with him. You can’t assume that, because you’re a “nobody” online, hackers wouldn’t target you.
There are lessons to be learned here:
- Back up your data. All of it. In multiple places. On my work laptop, I use an external hard drive divided into two partitions. One partition uses Apple’s Time Machine backup. The other partition is a clone of the hard drive that gets updated each night. I also use CrashPlan so I have an off-site backup as well. I figure three layers of backup, with one being off site, is a good level of protection. I duplicate this arrangement with the home laptop. With CrashPlan, I can back up unlimited data from as many computers as I want for one reasonable annual fee. They don’t advertise as much as, say, Carbonite, but I think CrashPlan is the best of the online backup options.
- Don’t use one email address and one password for everything. I’ve written about passwords before, and if you reuse passwords you’re a fool. I hate to be so blunt and insulting, but it’s a fact. Don’t reuse passwords. Period. Not even once.
- Use smart passwords.
- Turn on two-factor authentication on Google accounts. This takes a couple minutes to set up, but basically it requires anyone signing into your Google account to have your password and your phone. When you sign in, you’ll have to also type in a code from your phone.
Mat Honan’s story is an important one to read. I consider myself to be reasonably cautious about my online security practices, but I have to admit it: what happened to Mat scared the hell out of me. I’ve already gone and turned on Google’s two-factor authentication and taken other steps based on what happened to Mat Honan. (Needless to say, “Find my Mac” is now turned off.) We all know people who have skipped simple things and paid a price later. Don’t be one of those who stand amid the wreckage of their digital lives and say, “I should have…”