The MacValley blog

 


Editor: Tom Briant

 


Sunday, August 12, 2012

After Mat Honan's epic hacking, what can you do to protect yourself?

By now, you should have read about Wired and Gizmodo writer Mat Honan’s epic hacking. He lost a lot of data, including photos of his baby daughter he did not back up. Ever.

Mat has found out how the hackers got into his account. These kids (one hacker identified himself as only 19 years old!) used social engineering to get the information from Apple and Amazon. Along the way, they picked up other data that enabled them to wreak havoc.

I won’t go into a detailed description of how it occurred. Go here to read Mat’s harrowing account.

So, what can you do to prevent this from happening to you?

First, BACK UP YOUR DATA! Mat feels most upset that he did not back up his Mac laptop with his daughter’s pictures. Folks, use Time Machine. If you don’t use Time Machine and Fry's or Best Buy or Costco or Sam’s Club is open, get your butt there and buy a big USB hard drive. A 2 TB drive is available for $150 or less. What are you waiting for? Go, go.

If you use Windows or Linux, use the built-in backup tools. You might want to look at Crashplan.com, too. I noticed they placed a banner ad above Mat’s story on Wired.com.

Second, enable two-factor authentication for Gmail. Mat says that if he had set up two-factor authentication for his Gmail account, that would have stopped the hack attack.

Third, dedicate an e-mail account just to password recovery. Don’t link to this account. Don’t even use it for private messages. This account strictly handles recovery in case of e-mail problems.

Fourth, don’t use the same username for each of your e-mail accounts. Mat Honan used mhonan@me.com and mhonan@gmail.com, so the hackers could easily guess the e-mail addresses for his other accounts. Mix it up a bit.

Let me reiterate. This is an excerpt from a story on Discovery.com about this whole incident.

“Most of us aren't such an attractive target, but our risk is not zero either. Five defensive measures come to mind, which Honan endorsed when I talked with him by phone on Tuesday:

Keep a local backup of your data. (On a Mac, use Time Machine; in Windows, use Microsoft's built-in utility; CrashPlan can work too.)

Until Apple fixes a security policy that can be defeated without advanced social engineering, don't store a heavily used credit card at the iTunes Store.

Disable Find My Mac on your computers, in the System Preferences app's iCloud section. Find My iPhone/iPad remains useful; Honan said it recently helped recover his wife's phone.

Whatever e-mail you set for password recovery should be obscure, certainly not an iCloud .me or .mac address.

If you use Gmail for anything vital, enable "two-step verification" to ensure people can't take it over with just a password.

Be careful out there, everyone.”

Tom Briant

Editor and Media Manager, MacValley UG
