Apple and Amazon hacks: How to minimise your risk

A Gizmodo writer was the victim of an epic hack. Here's what you can do to avoid the same fate.

Could you avoid an epic hack against your personal data and online accounts similar to the recent attack against former Gizmodo writer Mat Honan? Hackers bent on breaking into Honan's Twitter account wreaked havoc on the technology writer's personal computing devices and online accounts. The bad guys remotely wiped his iPad, iPhone, and Mac, and deleted his Google Account. The attack cost Honan most of his personal data (he didn't back up the information), including family photos that may be unrecoverable.

The attack was made possible in part by poor security policies at Amazon and Apple, according to Honan's account in Wired. Hackers were able to fool customer service representatives at Amazon and Apple into resetting Honan's passwords and so take over those accounts.

It's a devastating story and one that could happen to anybody with sensitive data stored online. Honan was not targeted because of a story he wrote or because of his views about technology. Instead, one hacker told Honan after the fact, he was targeted simply because the bad guys liked his Twitter username and wanted to use it.

Here's what you can do to help minimize the risk of something similar happening to you.

Backup, Backup, Backup

The most basic thing you can do to avoid losing precious data such as photos, videos, word processing documents and other files is to back up your data. But it's not enough to just stash everything on an external hard drive that sits on your desk at home. You should have one local backup at your location, as well as an off-site backup on a different storage medium for added security. For most people, this means using a cloud-based service such as Carbonite or SpiderOak. If those services are too expensive for you, free options such as Dropbox and SkyDrive may also work, depending on how much storage space you need and the level of security you require for your data. The bottom line is that you need two backups: one at home and one somewhere else.

Privatize your Web Registration

One hole in Honan's security was that his website domain registration was unprotected. That means anyone who went to a WHOIS site could enter his domain address and find out exactly where he lived. Honan's billing address was one of the key pieces of data used to access his Amazon and Apple ID accounts. If you own a website and the registration is connected to your home address, make sure you pay the extra fee to hide your personal details.

Account Recovery E-mail

A primary mode of attack for hackers is to use an online service's account recovery option to try to break in. That's what got the ball rolling for Honan's nightmare, and it has happened numerous other times, including the 2008 hack of Sarah Palin's Yahoo account and the 2009 corporate Twitter hack. The best way to protect yourself against this is to use a dedicated free e-mail account such as Gmail, Hotmail/Outlook or Yahoo for account recovery. Make sure the account isn't using an obvious e-mail address such as,, or is similar to any of your other e-mail addresses.

If you're a Hotmail/ user, you can create an alias address inside your old Hotmail account. But don't use this trick if your Hotmail address is already the point of contact for a sensitive account such as Amazon, Apple, Microsoft, or another service.

Firewall Between Sensitive Accounts

Another step you can take is to make sure a security breach can't snowball, where access to one account gives hackers access to another. Use different recovery e-mail addresses for highly sensitive accounts, especially any account where you store credit card or bank details such as Amazon, Apple, Google Checkout, PayPal, or
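The "snowball" the last two sections warn about can be checked for rather than guessed at. The following is an added example, not code from the article: it models a constructed account map (loosely following the chain the article describes, not Honan's real configuration) as a graph of "which account or piece of data can reset which other account", then computes how far a single compromise cascades before and after the article's advice is applied. Account and channel names are constructed labels.

```python
from collections import defaultdict, deque

# Constructed account map (not Honan's actual setup): each account lists what
# can reset it. "whois" stands for public domain-registration data and
# "billing-address" for the detail a support rep accepts as proof of identity.
BEFORE = {
    "billing-address": ["whois"],
    "amazon": ["billing-address"],
    "apple-id": ["billing-address"],
    "icloud-mail": ["apple-id"],
    "devices": ["apple-id"],       # remote wipe follows from the Apple ID
    "gmail": ["icloud-mail"],      # Gmail's recovery address is the Apple mailbox
    "twitter": ["gmail"],          # Twitter's recovery address is Gmail
}

# Same accounts after the advice: WHOIS privacy removes the public path to the
# billing address, and each sensitive login recovers to its own dedicated,
# otherwise unused e-mail account instead of to another primary account.
AFTER = {
    "amazon": ["billing-address"],
    "apple-id": ["billing-address"],
    "icloud-mail": ["apple-id"],
    "devices": ["apple-id"],
    "gmail": ["recovery-mail-1"],
    "twitter": ["recovery-mail-2"],
}

def blast_radius(recovers_via, start):
    """Set of accounts an attacker reaches after gaining control of `start`."""
    unlocks = defaultdict(list)          # invert: channel -> accounts it resets
    for account, channels in recovers_via.items():
        for channel in channels:
            unlocks[channel].append(account)
    seen, queue = set(), deque([start])  # breadth-first walk of the reset chain
    while queue:
        node = queue.popleft()
        for nxt in unlocks[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def worst_single_point(recovers_via):
    """The starting point whose compromise cascades furthest, with its reach."""
    nodes = set(recovers_via) | {c for cs in recovers_via.values() for c in cs}
    reach = [(n, len(blast_radius(recovers_via, n))) for n in sorted(nodes)]
    return max(reach, key=lambda pair: pair[1])
```

In the constructed "before" map a public WHOIS record reaches every account, while in the "after" map the worst case is a support-desk reset that is contained to the Apple side.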

Two-Step Verification

If Gmail is your primary e-mail address, use two-factor authentication for logging in to the account. This requires you to enter a short verification code before getting access to your account. The code is sent to your phone via a smartphone app, SMS, or voice message. Without the verification code, hackers won't be able to access your account. Check out the Gmail help page for more information about two-step verification. Yahoo also offers two-step verification, while Hotmail offers one-time passwords for secure logins on public PCs.

You may not be able to stop hackers from fooling customer service reps into handing over your data, but if you keep everything as separate as possible and back up your data, you can minimize the risk of losing everything when disaster strikes.

Connect with Ian Paul (@ianpaul) on Twitter and Google+, and with Today@PCWorld on Twitter for the latest tech news and analysis.
