This article might sound very technical to most of you but I hope that you will bear with me and read it through because the concepts are very important.
Basically, the “hackers” liked his Twitter handle, @mat. So they found his email address, firstname.lastname@example.org, and went to Gmail to see what they could find. His Gmail password recovery address was an @me account. Next, using an Internet search, they found his address, called Amazon, and added a fake credit card to his account, which they then used on another tech support call to gain access to his Amazon account. Access to his Amazon account showed his real credit card number; combined with his address, that was enough to get Apple to reset his @me password. Then they could log in and wipe his phone, iPad and MacBook. At this point not only is his Internet identity owned by someone else, but all of his personal data is gone. Oops. But wait, he has a backup, right? Not exactly. His backup is in iCloud. Which he can’t access. Because they reset his password and all of his security questions. Then they used his accounts to post racist and worse information in his name.
Many people are saying this could have been prevented if he had used two-factor authentication to log in to his Google account, or if it wasn’t so easy to get around Apple’s technical support security questions, or if he’d had a backup of his MacBook and the data in iCloud. But it really isn’t that easy.
We all have multiple accounts that are tied together by virtue of them being ours. Like it or not, we all now have an online identity, and when it gets stolen it is as bad as or worse than having your physical identity stolen.
Securing your Internet identity and the information housed within it is difficult. There is no quick fix, and every Internet-based application has its own rules for best practices. I’d like to help you solve this problem, so we’re going to do a few things:
- We are involved in the early development stages of a product that will back up a copy of your employees’ and your business’s cloud-stored data. This will eventually include things like Gmail, Facebook photos and friends lists, and file storage, and will be able to interface with almost any hosted service, provided the service makes APIs available to allow it. (An API is a programming interface.)
- We are going to begin developing best-practice sheets that you’ll be able to follow to secure various types of Cloud services and help secure your Internet identity.
- We are investigating a service that will let us set up secure two-factor authentication on any hosted service that supports SAML. (SAML is a standard authentication protocol, and two-factor authentication is your password plus a one-time PIN, which you will get from a key fob or a small app on your phone.)
- We are working to redesign our Internet backup solution to provide more flexibility, allowing you to also back up your laptops whether they ever come into the office or not. These backups can also be centrally stored in your office as well as in the Cloud.
Most of these new things are going to ride under our new umbrella, Harbor Secure Cloud. Hopefully that will keep it simple as well as secure.