Hacking pops in the news occasionally, but mainly when it happens on a huge scale. Hotmail’s big breach a few years back, Dropbox’s “password optional” bug last year, and Yahoo Voices’ stolen credentials are some of the bigger ones that have made it into the news and they all have one thing in common; they were on a large scale and fairly isolated in that millions of people did not lose their entire lives to them. Basically: they were news, but they weren’t extremely scary to most people. Even I can admit that large-scale attacks don’t scare me and I am conscious of how destructive an attack can be.

The fact that those huge breaches are so often brushed off and users change their passwords or drop the service and consider themselves completely secure again downplays how epic an attack on an individual can be. In all likelihood if hacking was seen as a much scarier thing to individuals there would be far more outcry for improved security of breached sites, less need to demand secure passwords, and less complaining about places that require a password change every 4 months (I’m looking at you, RIT students, though I know it’s the same at other colleges). However, that isn’t the case and an alarming number of people use the same passwords for every site and blindly give apps access to their accounts. Although the latest victim wasn’t guilty of that exactly, it shows that even more knowledgeable people can get hit. From Wired’s Mat Honan:

“In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”

“By wiping my MacBook and deleting my Google account, they now not only had the ability to control my account, but were able to prevent me from regaining access. And crazily, in ways that I don’t and never will understand, those deletions were just collateral damage. My MacBook data — including those irreplaceable pictures of my family, of my child’s first year and relatives who have now passed from this life — weren’t the target. Nor were the eight years of messages in my Gmail account. The target was always Twitter. My MacBook data was torched simply to prevent me from getting back in.” [(Hanon)]{style=”font-size: xx-small;”}

Read that again if it didn’t sink in. There were a few problems that lead to it according to Wired. Part of it is a disconnect between what companies consider secure data. Amazon does not consider the last 4 digits of your card number to be secure information so they are visible when logged in. Apple considers those secure and uses them for identity verification. Another part was that Mat’s accounts were interconnected so that getting one could lead to getting another. The last part was that Mat didn’t have Google’s two-step verification turned on, which would have prevented his hackers from getting in even once they reset his password. All that just to embarrass him via his Twitter. Imagine if they had wanted more than that.

So, right now: If you use the same password on all your accounts, go and change it like you’ve been told to do for a long time now. If you’re not using security features of the websites you use, turn them on. Facebook, Google, Yahoo, and soon Dropbox have two-step authentication that everyone should be using. Make sure the answers to your security questions can’t be found online. And finally, don’t rely on the cloud to back up your data especially if it also syncs it between your devices. Offline data can’t be hacked or destroyed without physical access, so keep copies of data on that hard drive sitting on your desk that you never use. It’s not worth risking your digital life for the convenience of a weak password that you can type in two seconds on your phone’s number pad.

Source:

Hanon, Mat. “How Apple and Amazon Security Flaws Led to My Epic Hacking.” Gadget Lab. Wired, 6 Aug 2012. Web. Web. 8 Aug. 2012. http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/?src=longreads