Slide: 1 / of 3.
Caption: Meet Mat Honan. He just had his digital life dissolved by hackers. Photo: Ariel Zambelich/Wired. Illustration: Ross Patton/Wired
Slide: 2 / of 3.
Caption: By exploiting the customer service procedures employed by Apple and Amazon, hackers were able to get into iCloud and take over all of Wired reporter Mat Honan's digital devices -- and data. Image: Ariel Zambelich/Wired
Slide: 3 / of 3.
Caption: Be careful with your Amazon account -- or someone might by merchandise on your credit card, but send it to their home.
How Apple and Amazon Security Flaws Led to My Epic Hacking
Meet Mat Honan. He just had his digital life dissolved by hackers. Photo: Ariel Zambelich/Wired. Illustration: Ross Patton/Wired
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them
access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.
Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.
Those security lapses are my fault, and I deeply, deeply regret them.
But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
This isn’t just my problem. Since Friday, Aug. 3, when hackers broke into my accounts, I’ve heard from other users who were compromised in the same way, at least one of whom was targeted by the same group.
Category: How to computer