Until this week, Mat Honan was just a well-regarded tech writer with a solid following at Gizmodo and Wired. Today, thanks to one of the worst public hack attacks in recent memory, Mat is now the poster child for the risks of online data — and the need for both data security and data backup.
The details of Honan’s account are as involved as they are brutal, but it boils down to this: A hacker got ahold of just one of Honan’s passwords and, since nearly all his online accounts were connected in some fashion, used that information to access and then summarily delete everything in his Gmail archive and remotely wipe all the local data on his MacBook, iPad and iPhone.
All his email messages, gone. All his documents and apps and music, deleted. All the photos of Honan’s daughter, lost — perhaps forever.
There are three lessons from Honan’s ordeal, hopefully none of which you need to learn from personal experience.
Lesson 1: You Can Get Hacked Even If Every System You Use is Secure
Honan lost everything because of a quirk in how Apple and Amazon’s customer service protocols overlapped. The information that Amazon publicly divulged — the last four digits of Honan’s credit card number — was all that the hackers needed to confirm his identity at Apple and gain access to his iCloud account. With control of just that one account, the hackers simply performed a series of forgotten password resets to gain access to every connected service — and trash all of Honan’s data along the way.
Now, Apple and Amazon could have been more secure (and they’ve already updated their security policies in the wake of Honan’s loss), but their procedures protected each of their respective systems in isolation. It was the combination of Apple and Amazon’s security weaknesses that led to Honan’s assault. Exactly who is at fault is a matter of heated debate, but suffice it to say, it was the unexpected combination of two security policies that led to the failure of both. Amazon’s systems protected Amazon, Apple’s protocols protected Apple, but Amazon and Apple didn’t protect each other. Those are the kinds of emergent risks only the most studious security pros (and hackers) see coming.
Honan’s only “mistake” here was using the same credit card for both Amazon and Apple. Almost no one would see that as a serious security risk. What other risks don’t (or won’t) you see coming?
Lesson 2: You Can Get Hacked for Reasons You’d Never Expect
Some have suggested that Mat Honan was hacked specifically because he writes for Wired and Gizmodo, thus making him a high-profile target — perfect for hackers looking to gain attention and street cred. The only problem is that Honan actually talked to one member of the hacking crew in the process of trying to wrestle back control of his accounts, and the attacker admitted Honan’s status with Gizmodo and Wired was totally immaterial. Honan hadn’t offended or intruded on the hacking group in any way. He was guilty of only one thing that made him worthy of the attack: Honan has a three-letter Twitter handle, @mat.
Every three-character Twitter name has long since been claimed, and the ones in active use are somewhat prized among the tech set. Honan was targeted simply because he had a cool Twitter name and the hackers wanted to see if they could take it from him. All the rest of the account thefts and data wipes were done to either gain access to Honan’s Twitter handle or prevent Honan from having the tools to get his Twitter account back.
Honan’s only offense was having something someone else wanted, for reasons he’d never expect. Who is to say you won’t attract the attention of similar attackers?
Lesson 3: Everyone, and Everything, Needs Backup
Mat Honan is one of the most technically astute journalists you’re likely to come across. He understands security and redundancy. The hackers were able to wipe his MacBook and iPhone by turning some of Honan’s own security measures against him — those devices have remote data-purge features in case they’re ever stolen, so thieves can’t get personal information off your hard drives. Honan lost data because he had protections in place; how’s that for irony?
Nonetheless, even a smart guy like Honan, someone who knows how online systems work, was vulnerable to data loss. And he wasn’t prepared for it. Here are Honan’s own words:
“I had done some pretty stupid things. Things you shouldn’t do.
“I should have been regularly backing up my MacBook. Because I wasn’t doing that, if all the photos from the first year and a half of my daughter’s life are ultimately lost, I will have only myself to blame. …
“The weird thing is, I’m not even especially angry at [the hackers] in the attack. I’m mostly mad at myself. I’m mad as hell for not backing up my data. I’m sad, and shocked, and feel that I am ultimately to blame for that loss.”
Mat Honan, through very little fault of his own, is now the ultimate cautionary tale for the necessity of backup. You can’t predict when or why or how your data will be corrupted or destroyed; even using totally secure systems and keeping a low, inoffensive profile are not enough to spare you from unexpected attacks and data disasters. Ultimately, the only way to be sure you don’t lose data is to have it stored in as many places as possible, with as many copies as possible. And, at the end of the day, the responsibility for protecting your data is yours, and yours alone.
Hope you’ve got a good backup plan.