By now, you’ve probably heard the horror story of the hack-attack that hit Wired writer Mat Honan this past weekend. His entire digital life was obliterated because a group of hackers wanted access to his Twitter account.
It’s rather disturbing to learn about the intentions these hackers had and lengths they went to in order to gain access to Mat’s Twitter account. I suppose, if you’re a hacker, it doesn’t take much to access someone’s Amazon, Apple, and Google accounts. But it’s rather heartless to remotely wipe someone’s iPhone, iPad, and Macbook — causing Mat to lose years of family photos, work, emails, etc. — just to have some laughs as you post racist and homophobic tweets on your victim’s Twitter feed.
This time, it wasn’t an SQL-injection or brute-force hack-attack that let hackers’ walk out the front door of the bank with all the cash in tow. It was one breach that had a ripple effect on others because of how interconnected all of our online accounts are.
Mat’s long story, short:
Access to Amazon gave hackers Mat’s billing address and the last four digits of his credit card, which was all hackers needed to reset his AppleID password, press his self-destruct button, and wipe his iPhone, iPad, and Macbook squeaky-clean. Gaining access to his AppleID gave them access to his Gmail account, where they reset his password to his Twitter, and, well voilà!
As Mat’s hack-attack shows us, one man’s trash is another man’s treasure, even when it comes to web security. Amazon displays the last four digits of that credit card, which Apple also uses to verify that you are you. (Somebody needs to get these companies talking to each other.)
It sounds like there are a lot of problems here, but there are specific precautions you can take to protect yourself:
- For one, never store your personal data anywhere on the web, no matter how incredibly convenient it is. The priorities for e-commerce sites is to have your info like your credit card numbers and addresses saved on their site for the purpose of getting you to buy things. Their prerogative isn’t your online security — that’s what ours is.
- Use 2-step verifications wherever possible. Sure, it’s a hassle. But hackers wouldn’t have gotten as far as they did if he’d activated his Google account’s 2-step verification. Plus, it’s only a “hassle” in the beginning. Once you get set-up on all your devices, it’ll only send you codes when you or anyone logs in from somewhere new.
- Use Dashlane to secure your online life. It’s easy-to-use and no one can gain access to your account but you, thanks to our 2-step authentication for new devices and the fact that your master password is never stored anywhere, except in your head!
So, what are you waiting for? Start setting up your online life to be more secure today. Let Mat’s horror story be your wake-up call! And for those of you who already use Dashlane, tell your friends and family about it — good karma and all.