“Wired writer Mat Honan fell victim to a brutal hack over the weekend. Through misplaced ingenuity and a smidgen of social engineering, hackers gained access to his iCloud account and wiped his iPhone, iPad, and Mac drives clean. The actual attack involved breaking into Honan’s Amazon account, and then using information found there to break into his iCloud account. Things only got worse from there,” Lex Friedman reports for Macworld.
“Amazon and Apple clearly need to institute security policy changes to better protect their users. And Honan made mistakes of his own, most notably not backing up his Mac regularly. But the hackers’ initial entry point into Honan’s digital life was through, of all things, the ‘forgot password’ functionality offered by Gmail,” Friedman reports. “When they first plunked Honan’s email address into that form, Gmail displayed a redacted version of Honan’s MobileMe account: m••••firstname.lastname@example.org. Honan has plenty of ‘if only’s’ on his mind, but one biggie—to quote Honan’s story for Wired, is this: If he ‘had used two-factor authentication for Gmail, everything would have stopped here.'”
How to configure Google’s two-step authentication (and who to fix everything Google’s two-step authentication breaks) in the full article here.
See also, Adrian Covert’s “9 Things You Absolutely Must Do to Keep Your Online Identity Secure” via Gizmodo here.
Apple responds to iCloud hack: Our internal policies were not followed completely – August 7, 2012