This is a frightening story. Mat Honan, a technology writer, had his iCloud, Google, Twitter, and Amazon accounts hijacked, and in turn, his iPhone, iPad, and MacBook remotely wiped, destroying years of data he had not backed up. He was lucky, though, in that the hackers were only interested in having some fun rather than running amok with his financial data.
All of the big technology companies are pushing us towards exclusive use of their cloud-based systems. Syncing in the cloud is tremendously difficult, and it’s pretty amazing that the systems work as well as they do. There really is a magic to accessing a file on your phone, tablet, or computer and always having the latest version. But as hard as they are working on the sync-side of their businesses, they all clearly need to spend even more time considering the security elements of the cloud. If people can’t be sure their data will be safe, there’s no reason to use the cloud.
Amazon has already adjusted how users can reset their passwords. Apple has suspended the current system as they research a better option. This is an excellent reminder that you should take advantage of all the security options available to you when you put your data into the cloud. For example, if you use Google, by all means use their two-factor authentication option. It’s a bit of a hassle to set-up, but that’s a small price to pay for not waking up one day and finding all your accounts hacked.
Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
How Apple and Amazon Security Flaws Led to My Epic Hacking