RENEE MONTAGNE, HOST:
Mat Honan is perhaps the last person one might think would fall prey to hackers. He's a senior writer at Wired.com, and has covered the technology industry for over a decade. He's very tech-savvy. He owns the latest gadgets, knows their strengths and weaknesses. And yet last Friday, as he describes it, his entire digital life was destroyed. Over the course of an hour, all the contents of his iPhone, his MacBook, his iPad and his Gmail went poof. He joined us from San Francisco to explain what happened, and what this might mean for the rest of us.
MAT HONAN: Good morning. Thanks for having me.
MONTAGNE: Thank you. Well, it already sounds like a horror story just in this brief description I've given. You documented what happened to you in a story for Wired.com. Do please repeat that for us. What did all of your screens do when your digital life went up in smoke?
HONAN: I had gotten home from work a little early when suddenly my phone turned off, and I thought that the battery had died. I went downstairs to where my computer was and went to plug it into my computer. And as I opened my laptop, that screen gave me an error and told me my Gmail address was wrong. Then all of a sudden, the screen went gray and asked me for a four-digit pin. At that point, I began to suspect I was being hacked, and I could literally see my computer getting wiped in front of my eyes.
MONTAGNE: Well, it turned out it was not very hard for hackers to get access to all your data. They exploited, basically, the weakness between Amazon and Apple to break into your life. Can you briefly walk us through what happened there?
HONAN: They first went to Amazon, gave Amazon a new credit card and asked to have it applied to my account. They knew my email address there and my billing address, because they had just looked up my address online. They then hung up and called back Amazon. And they knew this from prior experience, that you could call Amazon, and if you can give Amazon a credit card number on file Amazon will send an email that allows you to go into the account. And that's exactly what they did. Once they're in my Amazon account, they could see the other credit cards that I had on file, not the entire number, just the last four digits. Similar to, you know, when you get a receipt in a restaurant it'll show you just the last four digits of your credit card or...
MONTAGNE: Right. That's really common.
HONAN: Right. That's very common. Well, it turns out that those last four digits are all that Apple required to issue a temporary password reset. So once they had those and they knew my billing address, and they knew my name, and they knew my email address; they are able to call Apple and, based just on that, Apple issued them a temporary password reset. That enabled them to go into my account and just wreak havoc.
MONTAGNE: Now you know who these hackers are because you've been in touch with them.
HONAN: That's right. I setup a second Twitter account that night, and began communicating with the people who were in control of my Twitter account. I told one of them - and I've really only been in contact with one of the people who did this, and apparently it was a team - that if he would agree to tell me how he did all this I wouldn't, you know, press charges or take any kind of action against him. So he then walked me through all the steps and it was really eye-opening.
MONTAGNE: How have these companies - and we've been talking a lot about Apple - how have these companies responded? As a Wired.com reporter you must have a larger mouthpiece than the average user who might have suffered something like you've suffered.
HONAN: That's true. Amazon already changed their policy. They changed their system so that you can't call in and give a credit card number and do the same things anymore to get into somebody's account. Apple has also issued a temporary hold on letting their phone tech support people issue new passwords. So if you call Apple you want a new password, they won't give you one - at least for now. You have to go in online and do things like answer security questions, which previously you didn't have to do if you called them. And I would hope that that means that they're not going to be accepting something really easy like the last four digits of a credit card number anymore.
MONTAGNE: And you did manage to restore some of what was lost. What been the process of piecing back together what was lost?
HONAN: I was able to recover my Google account using their online tools. What I haven't been able to do yet is find any of the data from my Mac. You know, I lost a year and a half of pictures of my daughter, pictures of her with her great grandparents who are now deceased. I mean just really, you know, wonderful, precious memories that I'm really hoping I'll be able to get back.
MONTAGNE: Mat Honan is a senior writer at Wired.com. Thanks for joining us.
HONAN: Thank you for having me.
MONTAGNE: His story, "How Apple and Amazon Security Flaws Led to My Epic Hacking," is at Wired.com. Transcript provided by NPR, Copyright National Public Radio.