Apple and Amazon Hacks: How to Minimize Your Risk
Could you avoid an epic hack against your personal data and online accounts similar to the recent attack against former Gizmodo writer Mat Honan? Hackers bent on breaking into Honan’s Twitter account wreaked havoc on the technology writer’s personal computing devices and online accounts. The bad guys remotely wiped his iPad, iPhone, and Mac, and deleted his Google Account. The attack cost Honan most of his personal data (he hadn’t backed up the information), including family photos that may be unrecoverable.
The attack was partly the result of poor security policies at Amazon and Apple, according to Honan’s account in Wired. Hackers were able to fool customer service representatives at Amazon and Apple into resetting Honan’s passwords and then took over those accounts.
It’s a devastating story and one that could happen to anybody with sensitive data stored online. Honan was not targeted because of a story he wrote or because of his views about technology. Instead, one hacker told Honan after the fact, he was targeted simply because the bad guys liked his Twitter username and wanted to use it.
Here’s what you can do to help minimize the risk of something similar happening to you.
Backup, Backup, Backup
The most basic thing you can do to avoid losing precious data such as photos, videos, word processing documents and other files is to back up your data. But it’s not enough to just stash everything on an external hard drive that sits on your desk at home. You should have one local backup at your location, as well as an off-site backup on a different storage medium for added security. For most people, this means using a cloud-based service such as Carbonite or SpiderOak. If those services are too expensive for you, free options such as Dropbox and SkyDrive may also work, depending on how much storage space you need and the level of security you require for your data. The bottom line is you need two backups: one at home and one somewhere else.
Privatize your Web Registration
One hole in Honan’s security was that his website domain registration was unprotected. That means anyone who went to a WHOIS site could enter his domain address and find out exactly where he lived. Honan’s billing address was one of the key pieces of data used to access his Amazon and AppleID accounts. If you own a website and the registration is connected to your home address, make sure you pay the extra fee to hide your personal details.
Account Recovery E-mail
A primary mode of attack for hackers is to use an online service’s account recovery option to try to break in. That’s what got the ball rolling for Honan’s nightmare, and it has happened numerous other times, including the 2008 hack of Sarah Palin’s Yahoo account and the 2009 corporate Twitter hack. The best way to protect yourself against this is to use a dedicated free e-mail account such as Gmail, Hotmail/Outlook or Yahoo for account recovery. Make sure the account doesn’t use an obvious e-mail address such as email@example.com or firstname.lastname@example.org, and that it isn’t similar to any of your other e-mail addresses.
If you’re a Hotmail/Outlook.com user, you can create an alias address inside your old Hotmail account. But don’t use this trick if your Hotmail address is already the point of contact for a sensitive account such as Amazon, Apple, Microsoft, or another service.
Firewall Between Sensitive Accounts
Another step you could take is to make sure a security breach can’t snowball where access to one account gives hackers access to another. Use different recovery e-mail addresses for highly sensitive accounts, especially any account where you store credit card or bank details such as Amazon, Apple, Google Checkout, PayPal, or Xbox.com.
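The two pieces of advice above (a dedicated, non-obvious recovery address, and no single recovery address shared by sensitive accounts) are easiest to check by writing your accounts down as a graph. The following script is an added illustration, not part of the original article: it models a constructed set of accounts, walks the recovery-e-mail links to show how far one compromised mailbox could spread (the iCloud/Gmail loop in the sample mirrors the kind of circular dependency Honan described), lists recovery addresses shared by payment-holding accounts, and flags mailboxes whose names look alike. All account names and addresses are made up.

```python
"""Map the recovery links between your own accounts and see how far a single
break-in could spread. Added example with constructed sample data; no real
account or address appears here."""
from collections import deque
from difflib import SequenceMatcher
from itertools import combinations

# Constructed inventory. "address" is the mailbox an account provides (None for
# a service that is not itself an e-mail provider), "recovery" is the address
# its password-reset option sends to, and "payment" marks accounts that hold
# card or bank details.
ACCOUNTS = {
    "iCloud":   {"address": "jdoe@icloud.test", "recovery": "jdoe@gmail.test", "payment": True},
    "Gmail":    {"address": "jdoe@gmail.test", "recovery": "jdoe@icloud.test", "payment": False},
    "Amazon":   {"address": None, "recovery": "jdoe@gmail.test", "payment": True},
    "Twitter":  {"address": None, "recovery": "jdoe@gmail.test", "payment": False},
    "PayPal":   {"address": None, "recovery": "recovery.x7q@outlook.test", "payment": True},
    "Recovery": {"address": "recovery.x7q@outlook.test", "recovery": None, "payment": False},
}


def accounts_recovering_to(address, accounts=ACCOUNTS):
    """Accounts whose password reset lands in the given mailbox."""
    return [name for name, acct in accounts.items() if acct["recovery"] == address]


def blast_radius(start, accounts=ACCOUNTS):
    """Every account that someone controlling `start` could take over through
    recovery e-mails alone. Breadth-first walk; the visited set stops the
    iCloud <-> Gmail loop in the sample data from running forever."""
    reached = {start}
    queue = deque([start])
    while queue:
        name = queue.popleft()
        mailbox = accounts[name]["address"]
        if mailbox is None:
            continue  # not a mail provider: controlling it resets nothing else
        for victim in accounts_recovering_to(mailbox, accounts):
            if victim not in reached:
                reached.add(victim)
                queue.append(victim)
    return reached


def shared_payment_recovery(accounts=ACCOUNTS):
    """Recovery addresses shared by two or more payment-holding accounts,
    i.e. the single points of failure the article says to split up."""
    by_address = {}
    for name, acct in accounts.items():
        if acct["payment"] and acct["recovery"]:
            by_address.setdefault(acct["recovery"], []).append(name)
    return {addr: sorted(names) for addr, names in by_address.items() if len(names) > 1}


def similar_addresses(accounts=ACCOUNTS, threshold=0.8):
    """Pairs of your own mailboxes whose local parts look alike, so that
    knowing one makes the other easy to guess."""
    addresses = sorted(a["address"] for a in accounts.values() if a["address"])
    pairs = []
    for first, second in combinations(addresses, 2):
        local_a, local_b = first.split("@")[0], second.split("@")[0]
        if SequenceMatcher(None, local_a.lower(), local_b.lower()).ratio() >= threshold:
            pairs.append((first, second))
    return pairs


if __name__ == "__main__":
    for name in ACCOUNTS:
        print(f"{name:9} compromised -> {sorted(blast_radius(name))}")
    print("shared recovery among payment accounts:", shared_payment_recovery())
    print("look-alike addresses:", similar_addresses())
```

Run it against your own inventory and aim for every payment-holding account to show a blast radius of itself only, an empty shared-recovery result, and no look-alike pairs; the "Recovery" mailbox in the sample shows what a dedicated, unguessable recovery address looks like in the graph.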
If Gmail is your primary e-mail address, use two-factor authentication for logging in to the account. This requires you to enter a short verification code before getting access to your account. The code is sent to your phone via a smartphone app, SMS, or voice message. Without the verification code, hackers won’t be able to access your account. Check out the Gmail help page for more information about two-step verification. Yahoo also offers two-step verification, while Hotmail offers one-time passwords for secure logins on public PCs.
You may not be able to stop hackers from fooling customer service reps into handing over your data, but if you keep everything as separate as possible and back up your data, you can minimize the risk of losing everything when disaster strikes.