Mat Honan’s Epic Hacking and the Importance of Two-Factor Authentication

Last week, news broke of the epic hacking of Gizmodo’s Mat Honan. By exploiting security flaws in both Amazon’s and Apple’s account verification and reset procedures, hackers were able to obtain access to a wide variety of Honan’s accounts, including his iCloud account. Once they’d gained control of Honan’s iCloud account, the hackers were able to remotely wipe his iPhone, iPad, and MacBook, destroying his personal data, including irreplaceable pictures of his one-year-old daughter:

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

There are many lessons to be learned from Honan’s hacking, but the most important is the sanctity of your e-mail inbox. If a hacker is able to obtain control of your inbox, all is lost: virtually every account linked to your digital identity – from Twitter to Amazon to LinkedIn to iCloud – can be wrested from your control.

So what is the solution? If you’re making use of Google’s e-mail services, as many of us are, you should immediately activate two-factor authentication. Instead of simply needing a password to log in to your Google inbox (whether provided via Gmail or Google Apps), you enter both your password and a code that Google sends to you via your mobile phone. A hacker would need both your password and your phone to gain access to your account.

Jeff Atwood has a great overview of how you can enable two-factor authentication on your Google Account. I’ve been using two-factor authentication on my Google accounts for the past several months, and it’s an easy way to vastly increase the security of your inbox. If you have doubts as to whether it’s worth the marginal amount of effort to enable and use two-factor authentication, read Mat Honan’s story; when you’re done, go here.


  1. Out of curiosity, has anyone using a BlackBerry device experienced this sort of extensive hacking?