Thursday, August 09, 2012

the last four digits.

Recently, Mat Honan, a tech journalist for several prominent tech magazines and blogs, had his personal Google, Twitter and Apple iCloud accounts hacked, which also led to remote wipes of his phone, tablet, and laptop hard drive (iPhone, iPad, and MacBook, naturally). The hackers were also able to briefly take over the Twitter feed of Gizmodo, a popular tech blog that Mat had contributed to, through his Twitter account.

Our online identities and accounts are managed by many different firms, each of which has slightly different security policies and requires slightly different information to authorize password resets and/or access to accounts. In this case, these differences allowed the "hackers" to get the last four digits of his credit card from Amazon tech support, who considered the information relatively benign (it could also be picked up from almost any credit card receipt). Apple, however, considered those same digits sufficient to verify an individual's identity. That enabled a password reset and, subsequently, access to the Apple ID, which is used to secure iTunes and Apple store purchases and can also wipe connected Apple devices that have remote wipe enabled (a feature intended for use if your device is lost or stolen and you want to prevent others from getting access to the data on it).

And here comes the PSA...

As more and more of our lives end up online, I hope this serves as a reminder to you (as it was to me) to use good passwords (the geek comic xkcd.com has an interesting take on this), and back up, back up, back up your important files on more than just your internal hard drive. I love having my files in the "cloud" (Dropbox/Microsoft SkyDrive/Google Drive/iCloud), but in case your ID is stolen, be sure that you have a regular, alternate backup of your important files (Mat lost pictures of the first year of his daughter's life, among other things).


TechCrunch's take on the hacking
http://techcrunch.com/2012/08/07/what-would-happen-if-your-digital-life-was-destroyed/

Mat's original article on Wired
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/

1 comment:

Unknown said...

Thanks Ed for the reminder. The thing I struggle with is the fact that we live in an era where it’s virtually impossible to prevent a significant amount of personal information from being widely available (even if you don't provide it). This issue is further exacerbated by the fact that it’s virtually impossible to do anything productive on the web without having to provide your personal information (e.g., shopping, etc.).

At some point I believe we're all going to have to move towards some form of a secure digital ID. This digital ID will help to ameliorate the issues that were uncovered in this post by using a new form of authentication. However, it will also be pivotal in terms of moving people towards a "Digital wallet" in the physical world. Imagine walking into a store with your digital ID attached to your NFC-enabled phone, picking out the items that you want, walking to a cash register, entering a PIN and walking out of the store, without ever fumbling with your wallet. This kind of approach would open up tremendous opportunities to directly market to a customer on which a store could have a ton of minable information. The key change in the dynamic is that with a digital ID, merchants could track customer behavior and preferences much more closely (e.g., preferred time to shop, brand loyalty, etc.) across all channels (mobile, online, in store). Just one catch…how do you secure your digital ID? Mo technology, mo problems ;-)