LOGBOOK

HELP

Quiz Entry - updated: 2026.06.12

What are the key lessons and best defenses against account-chaining attacks like the Mat Honan hack?

Enable 2FA everywhere and maintain offline backups.

Key lessons:

  1. Account chaining is exponential — each compromised account unlocks the next
  2. Public information is dangerous — email addresses, billing addresses, and partial account details can be pieced together
  3. Companies have inconsistent security standards — what Amazon considers non-sensitive (last 4 CC digits), Apple used as identity verification
  4. Customer service is a social engineering vector — phone support staff are trained to be helpful, not suspicious
  5. Cloud-only data is fragile — Honan lost irreplaceable family photos because he had no local backups

Key facts from the case:

  • The attacker was a 19-year-old hacker
  • Could have caused far more damage but only wanted the Twitter handle — "lucky" for Honan
  • The best protection would have been 2FA and backups

Best defenses:

  • Enable 2FA/MFA on every account (preferably hardware keys or authenticator apps, not SMS)
  • Use unique, strong passwords via a password manager
  • Don't chain recovery emails — use separate recovery methods for critical accounts
  • Maintain offline backups (3-2-1 rule: 3 copies, 2 media types, 1 offsite)
  • Minimize public information — don't display email addresses on personal websites

Tip: After this incident, Apple suspended phone-based Apple ID resets for 24 hours and Amazon stopped allowing credit cards to be added via phone support.

From Quiz: INTROL / Open Your Mind – Creative Thinking for Problem Solving | Updated: Jun 12, 2026