Online Identity Theft - Should We Care?

As we are turning towards a more progressively online world, security breaches have turned out to be one of the most important downsides. In a recent case of how nightmarish this can get, Wired reporter Mat Honan became a victim of a massive hack attack after miscreants, aiming to get hold of his twitter handle, hacked into his Amazon and Apple accounts through a credit card gaffe. “Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification,” explains Honan.

By placing a call to Amazon customer support posing as Honan and providing his full name, mailing address and email address, they got his Amazon account password reset. Once inside, they acquired the necessary credit card info and subsequently called on Apple support to authenticate his identity by supplying his personal information in addition to the four digits of his credit card number obtained from his Amazon account. The security policy at Apple support was so lax that account reset procedures were undertaken despite them being unable to answer the security questions set by Honan.

Once they got their hands on his iCloud account (nothing but his Apple ID), they went on to compromise his Gmail and Twitter accounts (as the accounts are all linked together). It’s just not the end. The hackers also managed to remote-wipe an entire year worth of data on his iPhone, iPad and MacBook, in addition to deleting his Google account. In the aftermath of this security fiasco, Amazon and Apple have put a lid on accepting over-the-phone account changes. That with a bit of searching they were able to locate his name, address and email address and undertake such a cascading level of hack without attempting to crack his password is the most unsettling. As more devices embrace the cloud (Apple – iCloud, Microsoft – SkyDrive, Google – Google Drive), the incident serves as a clarion call to every one of us and shows how important it is protect our online identity.

Steps to protect your identity and data online:
1) Setup 2-factor authentication in your Gmail, Yahoo! and Facebook accounts where in addition to entering your username and password, you would provide one-time code sent via SMS.
2) If relying on a cloud service for files and media, do a external hard drive backup on a regular basis.
3) Distribute your online data (email, contacts, calendar) across several accounts so that a backup is available.

Update: Senior writer Mat Honan might have had his worst online experience when his digital life was erased following the marathon hacking, but there has been a good side to this as well. He has been able to not only recover his Gmail and Twitter accounts, but also 75% of his data that was wiped off his Apple devices thanks to a data recovery service DriveSavers (for a price of $1690). Honan explains the Google account recovery process (refer to the second 'here' link below) asking him to name "five people I e-mailed the most" and other finer specifics like "the names of folders in my Gmail account, and the dates on which I had set up various other Google accounts, like Google Docs" (Do you know these if Google were to pose these questions to you?). He particularly laments the lack of security and warns every single one of us to be on the lookout. Read Mat Honan's complete account here and here.

First published: Aug 11, 2012 (12:32 AM)

Comments

  1. That is crazy, I am so afraid of getting my identity stolen. I purchased Subaru Outback parts one time and was so nervous I never ordered anything online again. I pay my bills online, can my identity got stolen that way? Thanks for the tips!

    ReplyDelete
    Replies
    1. Thanks for reading this! As long as the bill payment systems are secure there is no cause for worry. The problem in this case (referring to the article) mainly happened because of the poor security practices followed by the tech support teams. But on the whole, it's better to be on the cautious side.

      Delete
  2. mackenzie, your online data really depends on how secure the e-commerce software is that the seller is using. Common sense is often enough to prevent ID fraud but that kind of safety is put in the hands of the person you're doing your business with, I suggest speaking to a professional like Russell Richardson Shredders about situations beyond your control.

    ReplyDelete

Post a Comment