A group of hackers, who identified themselves as Clan Vv3, recently hacked into Wired journalist Mat Honan’s iCloud account with the help of Apple Support. Pretending to be Honan, the hackers contacted AppleCare support to reset his password. They were able to bypass the security questions by providing Honan’s email address, billing address, and last four digits of his credit card number which they had obtained from his Amazon account. Once they gained access to his iCloud account, they proceeded to remotely wipe his iPhone, iPad, and Macbook one by one along with his Gmail account. Honan’s personal and Gizmodo Twitter profiles were also connected to his iCloud account, and therefore were also compromised in the attack.
On his personal Tumblr, Honan stated that he has been in contact with Apple and Google since the attack to try to recover his data and make sure this doesn’t happen again. He also got in contact with DriveSavers, a data recovery company, who were able to recover data from his MacBook Air, making the painful situation, a little less painful.
In response to the attack, Apple put a temporary freeze on over-the-phone password verification to determine what changes, if any, needed to be made to their current security policies. Amazon responded by stating it will no longer allow customers to change account settings over the phone.
Protecting iCloud data
What can you do to protect yourself from similar attacks?
For one, you can disable iCloud services on your Mac and iOS devices. But what’s the point of having a device with cloud features if you can’t use them without constantly worrying? There is a risk with everything in life, but you take the proper measures to lessen the risks by securing your cloud services with these seven useful tips:
- Use strong, alphanumeric passwords and change them frequently.
- Never use the same password for more than one service.
- Use two-factor authentication wherever possible. Two-factor authentication is a process in which a user provides two forms of identification to prove who they are. Common forms of identification used include security codes, bank cards, or phone numbers. Using two-factor authentication significantly reduces the probability that someone could gain access to your information.
- Create individual accounts for each family member instead of sharing access to prevent multiple accounts from being compromised and exposed.
- Always choose security questions in which the answers aren’t easily guessed or researched through public records.
- Always keep a local backup of your data in addition to cloud backups.
- Disable services such as “Find my Mac” unless you are traveling or are in a situation in which your laptop might be lost or stolen (which is unlikely if it is always kept at home).
Get effective cloud security with a Secure Web Gateway (SWG)
Cisco Umbrella’s Secure Web Gateway (SWG) functionality provides cloud native, full proxy capabilities to improve performance and reduce risk by efficiently logging, inspecting, and controlling web traffic.