I've Been Mugged Blog

It seems that in most places you read, companies and technologists advise consumers to use the "cloud" for data storage: your data is stored remotely in Internet-connected computers hosted by third-party companies. That data can be a variety of files (e.g., music, spreadsheets, text), calendar appointments, and contact information (e.g., work email, home email, address, mobile phone, work phone). Your data can then be synced across, and easily accessed by multiple devices: laptops, tablets, and smart phones.

What happens when there is a security breach, and your data stored in the cloud gets hacked?

This happened to Matt Honan a former technology writer at Gizmodo, and his story can serve as a cautionary tale for all of us.

Matt uses Apple branded products and services (e.g., MacBook Air notebook, iPad, iPhone, iCloud) and Google Mail. When his smart phone stopped working, he first thought it was a software glich. When he tried to connect his laptop to restore from a backup, he found he couldn't log in. Then he knew it was bad:

"At 5:00 PM, they remote wiped my iPhone. At 5:01 PM, they remote wiped my iPad. At 5:05, they remote wiped my MacBook Air. A few minutes after that, they took over my Twitter... When I opened my laptop, an iCal message popped up telling me that my Gmail account information was wrong. Then the screen went gray, and asked for a four digit pin. I didn’t have a four digit pin."

The hacker had accessed his accounts and then reset his passwords. The hacker was able to access his iCloud account, remotely wiped clean all data from his mobile devices, deleted his Gmail account, and deleted his archived data. How did this happen? IT World concluded:

"... as Honan would learn during his investigation, how was the hacker able to obtain Honan's iCloud account by calling Apple support and social engineering that information from Apple? If true, this is a huge hole in Apple's security procedures, and one that puts Apple iCloud users at serious risk... Laying this all on Apple's feet would be easy to do, and there's no getting around the fact that Apple has a problem that needs to be solved. But beyond Apple, this incident also points out potential problems with the growing dependency consumers have with cloud data storage..."

Some technologists argue that what happened to Honan was a best-case scenario. A best-case scenario because the hacker dsabled Honan's devices, making it easy to determine that his deviceds had been hacked. More likely, hackers or spammers would not disable your devices making it more difficult to determine if your devices had been hacked. Instead, they would likely install malware on your computer and then use it to send spam, or use keylogging software to capture your sign-in credentials for your bank and financial accounts.

If you use the cloud for data storage, experts advise consumers:

• Don't use the same password across accounts
• Use strong passwords, and don't use weak passwords
• Protect your passwords. Store them in a secure place. If you decide to use password management software, shop around and compare first
• Password-protect your mobile devices
• Use websites that employ at least two-factor authentication