A hacker stole my family photos and upended my life, says Mat Honan, and it could easily happen to you
IN THE SPACE of one hour, my entire digital life was destroyed. My Google account was taken over, then deleted. My Twitter account was compromised and used to broadcast racist and homophobic messages. And worst of all, my Apple ID account was broken into, and hackers erased all of the data on my iPhone, iPad, and MacBook, including irreplaceable pictures of my family.
In many ways, this was my fault. My accounts were connected. Once the hackers got my Amazon password, they were able to get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-step verification on my Google account (which sends a second password for your account to your cellphone), it's possible that none of this would have happened, because the hackers' ultimate goal, I later found out, was simply to take over my Twitter account and wreak havoc.
Had I regularly backed up the data on my MacBook, I wouldn't have had to worry about losing more than a year's worth of photos — my daughter's whole life — or documents and emails that I had stored in no other location.
Those security lapses are my fault, and I deeply regret them.
I am a senior writer with Wired.com, but what happened to me can happen to anyone. The hackers who came after me exposed security flaws in several customer service systems, most notably Apple's and Amazon's. Amazon gave the hackers the ability to see a single piece of information — a partial credit card number — that Apple then used to release more information. In short, the very four digits that Amazon considered unimportant enough to display on the Web were precisely the ones that Apple considered secure enough to verify my ID. This disconnect points to a looming nightmare for all of us as we enter the era of cloud computing and connected devices.
If your computers aren't already cloud-connected devices, they will be soon. Apple is working hard to get all of its customers to use iCloud. Google's entire operating system is cloud-based. And Windows 8, Microsoft's most cloud-centric operating system yet, will hit desktops by the tens of millions in the coming year.
I REALIZED SOMETHING was wrong at about 5 p.m. on a Friday when my iPhone suddenly powered down and rebooted itself to the setup screen. This was irritating, but I assumed it was just a glitch. I entered my iCloud login to restore, and it wasn't accepted. Again, I was irritated but not alarmed.
Then, I went to connect the iPhone to my computer and restore from that. When I opened my laptop, a message popped up telling me that my Gmail account information was wrong. Then the screen went gray, and asked for a four-digit PIN.
I didn't have a four-digit PIN.
By then, I knew something was very wrong. It occurred to me that I was being hacked. I unplugged my router and cable modem, turned off the Mac Mini we use as an entertainment center, and grabbed my wife's phone to call Apple's tech support.
©2012 Condé Nast Publications. All rights reserved. Originally published in Wired. Reprinted by permission.
Other stories from this topic:
- Instant Guide: Are terrorists posing as hot girls on Facebook to spy on soldiers?
- Fact Sheet: How future criminals could hack your brain and steal your PIN
- Controversy: How Obama and Mitt Romney's campaign apps invade your privacy