The attack succeeded partly because of poor security policies at Amazon and Apple, according to Honan’s account in Wired. Hackers were able to fool customer service representatives at Amazon and Apple into resetting Honan’s passwords, and then took over those accounts.
It’s a devastating story and one that could happen to anybody with sensitive data stored online. Honan was not targeted because of a story he wrote or because of his views about technology. Instead, one hacker told Honan after the fact, he was targeted simply because the bad guys liked his Twitter username and wanted to use it.
Here’s what you can do to help minimize the risk of something similar happening to you.
Backup, Backup, Backup
The most basic thing you can do to avoid losing precious data such as photos, videos, word processing documents and other files is to back up your data. But it’s not enough to just stash everything on an external hard drive that sits on your desk at home. You should have one local backup at your location, as well as an off-site backup on a different storage medium for added security. For most people, this means using a cloud-based service such as Carbonite or SpiderOak. If those services are too expensive for you, free options such as Dropbox and SkyDrive may also work, depending on how much storage space you need and the level of security you require for your data. The bottom line is you need two backups: one at home and one somewhere else.
Privatize your Web Registration
Account Recovery E-mail
A primary mode of attack for hackers is to use an online service’s account recovery option to try to break in. That’s what got the ball rolling for Honan’s nightmare, and it has happened numerous other times, including the 2008 hack of Sarah Palin’s Yahoo account and the 2009 corporate Twitter hack. The best way to protect yourself against this is to use a dedicated free e-mail account such as Gmail, Hotmail/Outlook or Yahoo for account recovery. Make sure the account isn’t using an obvious e-mail address such as your.name@gmail.com or myrecovery@outlook.com, and that the address isn’t similar to any of your other e-mail addresses.
If you’re a Hotmail/Outlook.com user, you can create an alias address inside your old Hotmail account. But don’t use this trick if your Hotmail address is already the point of contact for a sensitive account such as Amazon, Apple, Microsoft, or another service.
Firewall Between Sensitive Accounts
Two-Step Verification
If Gmail is your primary e-mail address, use two-factor authentication for logging in to the account. This requires you to enter a short verification code before getting access to your account. The code is sent to your phone via a smartphone app, SMS, or voice message. Without the verification code, hackers won’t be able to access your account. Check out the Gmail help page for more information about two-step verification. Yahoo also offers two-step verification, while Hotmail offers one-time passwords for secure logins on public PCs.
You may not be able to stop hackers from fooling customer service reps into handing over your data, but if you keep everything as separate as possible and back up your data, you can minimize the risk of losing everything when disaster strikes.
Connect with Ian Paul (@ianpaul) on Twitter and Google+, and with Today@PCWorld on Twitter for the latest tech news and analysis.