Too Well Connected

Okay, I don’t believe in being an alarmist about hacking, but if you’ve got an Amazon account, a Google account or an iCloud account, you need to read this chilling Wired article. In the space of a few hours, tech reporter Mat Honan had his iPhone and MacBook wiped (including the only copies of all his photos of his one-year-old daughter), lost two email accounts and had racist rants broadcast on his Twitter account. Later on, he ended up communicating with the hackers. For them, this attack was nothing personal – they had no grudge against him, and they had no use for any of the data on his phone or computer. They basically did it for laughs and a choice Twitter ID. Here’s a taste of how the they went about it:
‘In short, the very four [credit card] digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.’
And:
‘It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud.’
And though the caution includes Amazon, it also applies to any services that deliver:
‘If you have an AppleID, every time you call Pizza Hut, you’ve giving the 16-year-old on the other end of the line all he needs to take over your entire digital life.’
Maybe you’d wonder about the kinds of malicious bastards who do this level of damage just because they can – but they’re real and they’re out there. Anyway, the golden rule seems to be to back up off your hard drive regularly and don’t connect all your accounts together with related names. Or you could lose the lot.