IT security – be paranoid, be very paranoid

Fascinating story in Wired about how one of their writers (Mat Honan) had his “entire digital life” destroyed by a hacker:

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

And why did someone go to all this trouble? Was it to try to abscond with thousands of dollars? Was it because Mr. Honan had publicly denigrated and embarrassed one of them in one of his articles? Nope. They did all of this simply because they wanted his Twitter account.

Yes, it is important to note the security failures of various service providers like Apple, Amazon, etc. and admonish them for it, but there will always be security weaknesses or failures irrespective of what technology or service provider you choose to use. And yes, it is a good lesson to think about the extent to which you decide to put your life (or at least the important bits of your life) online; it has made me think quite a bit about what I do. But perhaps think about this: if one hacker thinks it worthwhile to do all of this for a mere Twitter account, imagine the efforts others might take if you are responsible for securing information for an organization that is orders of magnitude more valuable or sensitive. Be afraid. Be very afraid.