It's enough to scare any sensible person into seeking ways to better protect themselves online. Several websites have made suggestions for doing so including this one from Lifehacker.
One important step is to enable two-factor authentication in both your Google Account and Facebook. Enabling this will require you to enter a code sent to your phone via text message before you can access these accounts on an unfamiliar computer. Thus, even if a hacker is able to change your Gmail account's password, they still won't be able to access it without obtaining the code sent to your phone. There is a special procedure for authenticating on certain types of devices so be sure to follow the directions carefully.
Apple responded, "Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password, in this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected."
I am going to play devil's advocate for a few seconds, here. To me, these types of identity fails are what I like to call "online natural selection." We have to evolve and become smarter with our interactions with the "cloud," and getting pwned for being careless is the Darwinian nudge to drop out of the pool and re-enter as an evolved being.
ReplyDeleteThe most ironic thing about this story is that two-factor authentication for Gmail has been out for over a year. Almost 18 months, actually.
Remember that security-wise you needn't outrun the bear chasing you - you only need to outrun the others that are trying to escape the bear as well.
I believe that the onus is on the individual to secure themselves (by two-factor authentication, for example) instead of complaining that a company has failed to live up to its end of the bargain. I assume failure on the other end and plan accordingly.
Excellent points. The companies deserve a little blame - credit card numbers, for example, shouldn't be used for authentication purposes. Amazon announced that they fixed the issue on their end.
DeleteHonan admitted he made a lot of mistakes - such as failing to enable two-factor authentication. But while it has been around for a long time (and undoubtedly Honan was in the circle of people that should have known about it), companies do often fail to properly notify ordinary users (as opposed to security experts) of new security options.