You ever feel super safe and secure with your precious iPhone, knowing that your password is yours and yours alone, uncrackable by nearly anyone? After all, Apple’s a huge company with millions of customers, so your stuff is safe, right? Wrong.
If your username and password are taken from you, then you can find yourself with a world of frustration as you try to make things right. Mat Honan, a writer for WIRED Magazine, ran into this problem when hackers got access to his iCloud account.
He sent out these messages to readers describing his ordeal:
At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years. My guess is they used brute force to get the password, and then reset it to do the damage to my devices.
The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.
At 5:00 PM, they remote wiped my iPhone
At 5:01 PM, they remote wiped my iPad
At 5:05, they remote wiped my MacBook Air.
The end result, is massive devastation.
I still can’t get into Gmail. My phone and iPads are down (but are restoring). Apple tells me that the remote wipe is likely irrecoverable without serious forensics. Because I’m a jerk who doesn’t back up data, I’ve lost at more than a year’s worth of photos, emails, documents, and more. And, really, who knows what else.
Honan was stunned that he lost nearly everything he had after one hacker did a brute force entry into his iCloud account. Experts are saying that iCloud should consider a two-step verification process, similar to the one used by Google. When you give your username and password, Google will sometimes send a six digit code to you via text message that you need in order to get access to your key accounts.
If you have an iCloud account and many of the exciting new devices that Apples has rained down upon you, please be careful and thoughtful about the passwords that you choose.