moin moin, Wired reporter Mat Honan lost almost all of his data. It took hackers an hour to take over his Gmail, Amazon, Apple and Twitter accounts. Along the way they deleted all the data on his phone, his tablet and his laptop ( all Apple products using one stop deletion from Apple ). They also deleted his Gmail account and all 8 years of his email. Do you allow the cloud to delete your data? Do you store email addresses and physical addresses in your contact list? Do those people use that same email address for banking? Online shopping? Social networking? Do other people store the email address you use for banking alongside your physical address? See my presentation Thursday on "Online security, privacy and password management" for tips and tricks on how to keep this from happening to you. http://PLUG.phoenix.az.us/meetings/14-east-valley-meeting/89-plug-east-meeting-for-aug-9.html Oh, and make sure you have off-cloud backups of important data! Here's the longish story: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/ Below are some choice quotes: ### In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. ### ### After coming across my account, the hackers did some background research. My Twitter account linked to my personal website, where they found my Gmail address. Guessing that this was also the e-mail address I used for Twitter, Phobia went to Google’s account recovery page. He didn’t even have to actually attempt a recovery. This was just a recon mission. ### ### “You honestly can get into any email associated with apple,” Phobia claimed in an e-mail. And while it’s work, that seems to be largely true. ### ### First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card. (Wired used a bogus credit card number from a website that generates fake card numbers that conform with the industry’s published self-check algorithm.) Then you hang up. ### ### And it’s also worth noting that one wouldn’t have to call Amazon to pull this off. Your pizza guy could do the same thing, for example. If you have an AppleID, every time you call Pizza Hut, you’ve giving the 16-year-old on the other end of the line all he needs to take over your entire digital life. ### ### They could have used my e-mail accounts to gain access to my online banking, or financial services. They could have used them to contact other people, and socially engineer them as well. As Ed Bott pointed out on TWiT.tv, my years as a technology journalist have put some very influential people in my address book. They could have been victimized too. ### ciao, der.hans -- # http://www.LuftHans.com/ http://www.LuftHans.com/Classes/ # "It is a miracle that curiosity survives formal education." # -- Albert Einstein