This truly is a cautionary tale for all of us: Mat Honan is a technology reporter who just had numerous accounts hacked. Mr. Honan has written an article that describes in great detail how the hackers got access to various accounts (e.g., Amazon, Google, Twitter, Apple ID) and the damage that ensued. He also talks about the heartache caused when the hackers deleted all of the family photos he had saved on his MacBook. His article is a “must-read” for all of us so we can evaluate how we’re storing information and how we’re protecting our accounts. You can find it at http://www.wired.com (“How Apple and Amazon Security Flaws Led to My Epic Hacking”).

Mr. Honan was able to make contact with the hackers, who seemed to do all this damage for the fun of it. Part of the damage came when they posted horrible messages (racist and homophobic) using his Twitter account. The ease with which the hackers gained the needed information is scary beyond words. In his article, Mr. Honan describes how Apple tech support gave the hackers access to his iCloud account. Mr. Honan talked twice with Apple tech support and confirmed that only two pieces of information are required to access an iCloud account: the account holder’s billing address and the last four digits of the credit card associated with the account.

I urge you to read Mr. Honan’s article because of the guidance he provides about steps to take to try to avoid having one’s accounts similarly compromised. He admits that his accounts were what he called “daisy-chained together” and that he didn’t use two-factor authentication for his Google account. Those two points are just two among the concrete suggestions included in his article. Heather Kelly, a CNN reporter, has also written about Mr. Honan’s experiences. Her story, “Apple account hack raises concern about cloud storage,” is excellent and can be found at http://www.cnn.com.

Finally, Mr. Honan writes that he heard from others that they, too, had experienced similar hackings by this same group. That is just another reason to assess, at a minimum, how many of our accounts are linked and whether we’re using authentication as strong as we need.