<img src="https://secure.seem3pick.com/198073.png" style="display:none;">

Your Password and Security Questions Can be Surpassed

Posted by Phuong Diep on Tue, Aug 07, 2012

Matt HolanAll of your life you’ve learned that in order to prevent yourself from being hacked, your password should be more than 6 characters long, with at least one number in your password. Along with that, most websites even require a security question to surpass the password when you log in on an unfamiliar computer. You would think that through this process that your account and information would be protected and that you have nothing to worry about. People have believed this for years but now their beliefs have changed thanks to Mat Honan, whose digital life was destroyed by hackers due to Apple and Amazon’s security flaws.

Although Honan used a seven-digit alphanumeric password for his AppleID, his Macbook was still hacked with no problem. Not only was his Macbook hacked but his iPhone, twitter account, Gmail account, Amazon account and iPad as well. After finally realizing that something was terribly wrong when his iPhone wouldn’t restore correctly, he called Apple Tech Support and spent an hour and a half on the phone with them trying to figure out what happened. It was discovered later on that the hacker had already previously called claiming to be Honan to issue a temporary password and from there, the hacker was able to easily obtain Honan’s other information to hack his account.

After re-creating a different twitter account, Honan was able to converse with his hacker after the hacker had tweeted Honan. The hacker, who code named himself Phobia, and his partner did not have a legitimate reason for his actions. He told Honan, “My goal is to get it out there to other people so eventually everyone can overcome hackers.” The hacker claims to be only 19 years old and does indeed feel sorry for some of his actions.

One of the main reasons that the hacker was able to succeed was the lack of security from Apple and Amazon. Apple issued a temporary password to Phobia despite asking him Honan’s security questions. After obtaining the temporary password, Phobia was able to access his cloud, thus finding access to Honan’s other accounts and information. As for Amazon, Phobia was able to call them and say that he wanted to add another credit card to the account. In order to do so, all they needed was the name on the account, the associated email address, and the billing address.

There were a lot of techniques that could have been played out in order to possibly prevent the hack from happening. If Honan would have backed up his files on his devices from time to time, he probably wouldn’t feel a major loss. If Apple and Amazon took further action to question the hacker then maybe their attempt would have been harder to succeed. Overall we have learned from Honan’s story that no matter how long your password may be or how many security questions you set up, your information and accounts cannot be secure enough. There are many ways to prevent yourself from being hacked, for example if you have credit card numbers on file with the website, take them off and manually type them in when you need to. Try to keep your personal information to yourself as much as possible to prevent losing all of your important information!

Mat Honan’s complete experience in detail can be found here: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/

Tags: Disaster Recovery, Data Security

Subscribe to our BLOG

Recent Posts