Unless you live under a rock you probably already have heard about the “Epic Hack” that compromised technology journalist Mat Honan’s online life on August 3 2012. Mat was a former editor for Wired magazine and currently a senior reporter at Gizmodo, a technology gadget website.
As Mat describes in his article “How Apple and Amazon Security Flaws Led to My Epic Hacking“, in the space of one hour his entire digital life was destroyed. He lost his Google and Twitter accounts, once the hackers gained access to the AppleID account they performed a “remote wipe” which is basically a factory reset to his iPhone, iPad and MacBook. He performed regular backups of his Apple devices, but those were deleted too.
Mat blames himself – but this raises monstrous concerns about security, especially when accounts are linked together.
This hack was not about brute force attacks or some kiddie script churning away until it hit pay dirt. No – this hack was well planned and exploited everyday issues we as users run into. What this hack did was expose vital security flaws at Apple and Amazon, mainly in their customer service.
It seems Amazon and Apple deem a little piece of information at different sides of the security spectrum – the last 4 digits of your credit card number. To summarize – Amazon considers the last digits of your credit card number unimportant and displays them in the clear, whereas Apple considers them secure and uses them for identity verification.
This created a perfect storm allowing the hackers to take control of several accounts. Basically here is how it played out:
- Hackers gained access to Amazon account
- Hackers gained access to AppleID account
- Hackers delete Google account
- Hackers post prohibited comments on Twitter, account suspended
- Hackers remote wipe iPhone
- Hackers remote wipe iPad
- Hackers remote wipe MacBook
- Hackers delete all Apple backups
In less than an hour, this completely destroyed Mat’s online presence and obliterated every digital device he owned that accessed the Internet leaving him unable to get connected.
This was allowed to happen for different reasons, but mainly because several of his accounts were linked together and customer service did not follow security policy procedures.
Apple and Amazon have since changed their security policies to avert future exploits. But as mentioned above – Mat also blames himself.
It brings up a good topic that we have been telling our customers for years. That is – do not use the same password for all your online accounts, in fact you should have a different password for each account. Plus – you should make sure that when you link accounts together, there is some sort of verification between them. Either by a secondary password or by IP address. These two items can save your online identity. Google employs a two-step verification, but this was not activated. This is why Mat blames himself just as much as Apple and Amazon.
“Although this is a sad event and this is exactly what we are trying to fix with our cloud solution, triple-layer security with backup and disaster recovery automatically built-in”, states James Roten, CEO of Raven Cloud Computing.”Cloud computing has the same challenges as on-premise LAN / WAN / MAN computing”, he goes on to say.
We have always used and we suggest to our customers that they use different administrator passwords for their desktops, servers, routers, switches, firewall and wireless devices. This way, if one method is exploited the damage is limited to just that segment. You should do this too to all your online accounts.
If you would like, we provide a Free Technical Assessment, this can be beneficial to new and startup companies that are not sure where to start. You can always find our cloud and hosted services in the right column of this page or by simply going to our website at Raven Cloud Computing.