In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.
Honan’s account of his epic hacking is unnerving. The way Apple Tech “Support” handled everything is appalling. The hacker who called support before he did couldn’t answer the security questions, but they gave him access to everything anyway. Isn’t that a breach in … well … whatever their job is? Their job is to try to help you keep your accounts secure, and even if it -really is you calling- and you can’t answer the security questions, there are other ways they can verify your identity; they’re not supposed to give out personal information willy-nilly to anyone who calls (probably from a number not verified as your own) and who knows nothing about you. So I really can’t even think of why Honan would think of the hacking as in any way his own fault, even if his accounts are all interconnected.
It is also unnerving to think about what all one could lose in a short amount of time, and how difficult and even impossible it is for some people to have it restored.
I didn’t get everything back. DriveSavers was only looking for the things I specifically requested. I’ve lost all my applications, for example, as well as long-established preferences and settings that have been moving from machine to machine with me. But that’s OK. I can live without them. I can buy them again. Whatever. Besides, sometimes it’s nice to start with a clean slate, and I spent yesterday installing a new, clean operating system on my MacBook Air.
…
The bill for all this? $1,690. Data doesn’t come cheap.
All in all I feel fairly safe, I guess. On Mason’s Security site, they give you seven steps to follow for better security:
Step 1: Activate a Password Protected Screensaver
Step 2: Use Strong Passwords for All of Your Accounts
Step 3: Automatically Receive Critical Updates
Step 4: Verify Antivirus Software is Configured Properly
Step 5: Use Anti-Spyware Software
Step 6: Unique Passwords for all User Accounts
1. Check
2. Check
3. Check
4. Check
5. Check
6. Oops!
7. Check
I need to re-evaluate the strength of some of my passwords. Like Honan I’m generally a 1Password kinda person, though they’re all strong passwords at least 12-16 characters long. I just never really guessed that anyone would be interested in hacking anything of mine since I lead a simple, fairly uneventful life and all they would get out of hacking my accounts would be notifications of people tagging me on Facebook or following me on Tumblr, as I print out, file, and then delete emails with more personal emails in them.
Even if there is a better way to secure your internet identity, I just will never understand why people hack ordinary people… especially just hacking their emails, their Twitters, etc. What can really be gained from it? I guess they’re just people who can live with the thoughts that they’ve caused someone a ridiculous amount of trouble and woe, potentially completely ruined someone’s life, and can then just laugh about it. I can take whatever steps are necessary (or I’m told are necessary), but really all you can do is pray that you never do something even unknowingly to provoke one of them, or that you’re not just randomly targeted because your handle on some site is shiny and attracts them.
For the most part, I think I’ll keep my life offline, kthnx.