How Apple and Amazon Security Flaws Led to My Epic Hacking

from Wired

IN THE SPACE of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook. 

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz. 

Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location. 

Those security lapses are my fault, and I deeply, deeply regret them.

More here.

Posted in Social Media, Technology and tagged , , , , , , .

2 Comments

  1. Reading this article scared me. In a world where everything is online, and the definition of technology changes everyday, there are so many underlying issues in this whole phenomenon. When literally everything from family photos, banking statements, medical histories, and more or online, the big question is what is stopping others from gaining access to this extremely important information. Yes, everyone uses a password, but most of the time, this is easily guessed, like the name of your childhood pet followed by your favorite numbers and an exclamation point. Much of society, myself included, does not realize the fragility of the protection of any data that is stored online. Included in this group is Mat Honan, a worker at the company Wired. Mat, like many people today, did not back up any of his information, as he assumed it was all protected by his passwords. Of course, by reading the rest of the article, it is evident that Mat was clearly mistaken. One day, when trying to turn on his phone, Mat noticed something strange. Over the course of around an hour, Mat realized that hackers had retrieved much of Mat’s information, including his Apple and Amazon information, and had published some pretty upsetting tweets on his Twitter. The most upsetting part of this scenario was that hackers had done this almost too easily. When calling customer support at Apple, the company had basically no idea what was going on, and was shocked to hear that there had been a data breach. In the end, Mat was mostly mad at himself, as he believed it was his own fault that he had not backed up any information, and had seemingly made it too easy for himself to be hacked. He felt as though he was lucky, as even though he lost precious pictures of his daughter, Mat’s more valuable information like his bank statements were not harmed.

    There’s a few reasons why this article scared me so much, the first reason being that I see a lot of myself in Mat. In a highly technological world, I have just placed all of my trust in technology. I have no recent backups of any of my information, whether this be on my phone, computer, IPad, etc. In addition, I feel as though I do not have the best passwords to protect all of this important information. Finally, I feel as though I am really unaware, that is before reading this article, of the vulnerability of my information. After reading this article, it has become much more obvious to me that I need to take steps to protect my information. I need to strengthen passwords on my accounts to stop them from being easily guessed. I need to constantly see if any of my information looks odd. I need to realize that technology is advancing, but there will always be issues with security. As technology evolves, so do hackers and criminals of this nature. Therefore, myself, along with other individuals in the dark around these matters must take all of the necessary steps to educate themselves and protect their information from these knowledgeable hackers.

  2. This article is eye-opening yet traumatizing all at the same time. As a millennial who uses these sites on a daily basis, it’s scary to think how effortless it is for someone to gain access to your accounts. Cyber-security has become a very controversial topic in today’s world. Unfortunately, we are more worried about if Alexa is listening to our conversations rather than if someone can hack into our accounts and steal our personal information. Through this article, we see that even big companies like Apple and Amazon lack the knowledge of protocol when it comes to security measures. Apple stated, “In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected,” (https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/). Apple has access to millions of individuals’ data and they need to ensure that every employee follows the internal policies in place so that incidents like these don’t happen. Everyone puts their trust in passwords and security questions to ensure no one can access their private information. If someone can not answer the security questions that they set up correctly, then something isn’t right. Apple should have a more strict policy on what leads up to them giving someone access over the phone. Also, this hacker used Apple and Amazon information to gain access to Mat’s accounts. Both companies should consider working together to create a security policy that does not allow one company’s internal information to be used as security for another. If big companies don’t start taking cyber-security more seriously, it could lead to more hackers attacking the consumers. According to a CNN Article from 2014, 47% of U.S adults had their personal information exposed by hackers (https://money.cnn.com/2014/05/28/technology/security/hack-data-breach). I’m sure since 2014 that number has increased as technology continues to evolve.

    As consumers, we need to recognize flaws like such and take security measures into our own hands. What most people don’t know is that two-factor authentication is not automatically turned on for every website. If someone wanted that type of authentication, it requires them to turn it on manually on all sites. Mat mentions in the article that if two-factor authentication was turned on, it could have prevented him a lot of heartache in the end. Another crucial thing to remember is that recovery emails aren’t the only option. Some systems allow you to have a recovery phone number which will send you text messages if there is ever a need to recover your password. In addition to this, the website will also send you text messages to verify your account before you can even log in as part of the two-factor authentication. It is important for consumers to know all of their options when it comes to cyber-security. We need to be able to keep our information safe, especially if the companies holding our data are not taking it as seriously as they should be.

Leave a Reply

Your email address will not be published. Required fields are marked *