A tech journalist's online life was erased over the weekend – and the hackers used nothing more than easily obtainable pieces of personal information to trick Apple and Amazon into letting them gain control of his accounts.
By now you might be familiar with the saga of Mat Honan, the Wired reporter whose entire digital life was destroyed by hackers over the weekend. And you might be in the process of checking the security of your own online stuff. If you're an Amazon customer, at least, you can breathe (slightly) easier: Amazon quietly changed its customer privacy policies this week, presumably making it harder for other hackers to carry out similar attacks.
To recap: The hackers didn't use any sophisticated algorithms or brute-force attacks to gain access to Honan's online information. They just called Apple, pretending to be Mr. Honan and claiming to have lost access to the associated Apple e-mail account.
The hackers supplied two pieces of easily discoverable information – a billing address and the last four digits of a credit card (which they were able to obtain by exploiting an Amazon loophole) – and were able to reset Honan's e-mail account. From there, they took Honan's Twitter account and wiped his iPhone, iPad, and MacBook. Then they erased his Google account, along with tons of personal photos and documents.
Now, at least, both companies have battened down the security hatches a little bit. At the time Honan was hacked, someone could call in to change the e-mail address or credit card associated with an Amazon account by supplying a name, e-mail address, and mailing address. Shortly after Honan's story was widely publicized, though, Amazon changed its policy so that these pieces of information can no longer be changed by phone.