Digital erasure: how to avoid it happening to you

Mat Honan lost everything. Here's how to ensure you don't.

On Friday night, Mat Honan, a senior reporter for Gizmodo, got hacked. Hard:

At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. . .

The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.

At 5:00 PM, they remote wiped my iPhone

At 5:01 PM, they remote wiped my iPad

At 5:05, they remote wiped my MacBook Air.

A few minutes after that, they took over my Twitter.

The full account of his travails is terrifying for anyone who lives a largely digital life. In fifteen minutes, Honan lost most of his digital property (photos, emails, documents and so on), and most of his ways of communicating with the outside world. Not just email and Twitter, but phone calls and text messages.

How it happened has only become clear since Friday, and presents a worrying picture of security at Apple. The initial breach, in Honan's iCloud account, was done by someone who successfully convinced Apple support to reset the password without knowing the original password, or any security questions associated with the account. Simply put, that should not be possible. From there, however, a series of easily made but unfortunate decisions allowed it to spiral out of control.

What's particularly scary about Honan's situation is that, in a number of ways, he followed best practices. His iCloud account password was unique, alphanumeric, and never got leaked or cracked. Yet he still lost everything. But there are two things which may – just – have been able to improve the situation.


It sounds really simple, and you have in fact probably been told it before, but back up. Back up everything, and preferably back it up more than once. As Marco Arment says, if you can afford a MacBook Air, iPhone and iPad, you can definitely afford an external hard drive.

More importantly, don't confuse what are two separate services: back-up and syncing. If all your precious photos are stored on Dropbox or iCloud, that protects you against some types of data loss – dropping your laptop in the bath, that sort of thing – but not others. And frankly, most data loss these days isn't hardware or software failure but "wetware" – your brain. It's when you delete a file, and empty the trash, and only then realise that you actually really wanted to keep that piece of data (yes, I have done this (with my entire Applications folder (it hurts))). If you are using a backup service which deletes the backup when you delete the original, that's not a huge help. And even worse is that many of them will delete the original if you delete the backup.

This is especially useful if you have a service – like iCloud – which allows remote wiping. If you turn on a switch which allows all your data to be erased, it's probably worth making sure you have a plan in case you have to hit that switch. If you don't keep back-ups, turn that off.

Password resets

If you are sensible – and many people aren't – you'll have different passwords for every service. Honan did. The problem is that although that removes most possibilities for losing multiple accounts, it doesn't take away the weakest link. If LinkedIn gets hacked, that password shouldn't be able to gain access to anything else, but if your email account is hacked, you may well be screwed. Most services are designed to allow anyone with a password or access to the registered email account to log on. Making the former secure and then leaving the latter open is not the best move. So what's the best thing to do?

Step one is to make sure that the email address password resets go to is the most secure possible one. For most people who don't have extra-strong security needs, that means a Gmail account with two-step verification. Every time you try to log on from a new computer, you get sent a text (or check a special app) with a code to finish the log-in. Unless someone steals that as well, you're safe.

Step two is to remove password resets from that address. There's no point having a secure email address if you can reset the password by requesting it from a less secure one. Step three is to stop using it for anything but account registrations. It will be impossible to keep it totally secure, because of the number of services which still identify you by your address, but it's better than handing it out to everyone.
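The three steps above amount to auditing where each account's password resets go. The following is an added example, not part of the original article: it walks a constructed account inventory, loosely modelled on the chain Honan describes, and reports which accounts fall after one takeover and which reset mailboxes break steps one and two. The account names, the `reset_to` and `two_step` fields, and the rule that two-step verification stops a reset-only takeover are assumptions made for illustration.

```python
from collections import deque

# Constructed inventory (not real data): each account names the mailbox that
# receives its password resets and whether two-step verification is enabled.
ACCOUNTS = {
    "icloud":  {"reset_to": None,     "two_step": False},
    "gmail":   {"reset_to": "icloud", "two_step": False},
    "twitter": {"reset_to": "gmail",  "two_step": False},
    "amazon":  {"reset_to": "gmail",  "two_step": False},
    "bank":    {"reset_to": "vault",  "two_step": True},
    "vault":   {"reset_to": None,     "two_step": True},
}

def blast_radius(accounts, compromised):
    """Accounts that can be reset, directly or in a chain, from `compromised`."""
    # Invert the reset_to edges: mailbox -> accounts that reset through it.
    resets_via = {}
    for name, info in accounts.items():
        if info["reset_to"] is not None:
            resets_via.setdefault(info["reset_to"], []).append(name)
    seen, queue = {compromised}, deque([compromised])
    while queue:
        for dependant in resets_via.get(queue.popleft(), []):
            # Assumption: a reset e-mail alone does not defeat two-step verification.
            if dependant not in seen and not accounts[dependant]["two_step"]:
                seen.add(dependant)
                queue.append(dependant)
    return seen - {compromised}

def audit(accounts):
    """Flag reset mailboxes that break step one or step two of the advice."""
    findings = []
    mailboxes = {i["reset_to"] for i in accounts.values() if i["reset_to"]}
    for box in sorted(mailboxes):
        info = accounts[box]
        if not info["two_step"]:
            findings.append((box, "reset mailbox lacks two-step verification"))
        if info["reset_to"] is not None:
            findings.append((box, "can itself be reset via " + info["reset_to"]))
    return findings

if __name__ == "__main__":
    print("lost if icloud falls:", sorted(blast_radius(ACCOUNTS, "icloud")))
    for box, problem in audit(ACCOUNTS):
        print(box, "-", problem)
```
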

But the question that still remains is whether Apple and iCloud can be trusted at all. Following Honan's story, it certainly seems a bad idea to link any other accounts to your iCloud. Until the company responds, however, we can't know quite how bad it will be.


Mat Honan has now made public just how the hack happened, and it's even scarier than we thought. There are severe security flaws in Amazon and Apple's password reset procedures that allow someone to take over both accounts with just your name, email address and billing address. This is not, by any stretch of the imagination, confidential data – yet until those procedures are changed, it would be best to treat it as such, and to attempt to limit the amount of damage which would happen if those accounts were compromised.

How to trick Amazon:

First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card. (Wired used a bogus credit card number from a website that generates fake card numbers that conform with the industry's published self-check algorithm.) Then you hang up.

Next you call back, and tell Amazon that you've lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account -- not the complete numbers, just the last four digits. But, as we know, Apple only needs those last four digits. We asked Amazon to comment on its security policy, but didn't have anything to share by press time.

Delete – even if you don't want to. Photograph: Cari McGee/

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.


Living the Meme: What happened to Azeem Ward and his flute?

In the first of a new series investigating what happens to people after they become memes, we speak to Azeem Ward, whose flute recital went viral in 2015.

The Sixties had Woodstock. The Nineties had Lollapalooza. The Tens – and, if we’re being honest, just a single year of them – had Azeem's Senior Flute Recital.

If you were inactive on the internet between 12 and 16 May 2015, you’ll be forgiven for not knowing who Azeem Ward is. After setting up a Facebook page for his end of year flute performance, the University of California student was inundated with over 100,000 RSVPs from the United Kingdom, along with multiple requests to fly to England and play (for no apparent reason) Darude’s “Sandstorm” in Nando’s. After international news coverage, Ward – as all memes inevitably do – appeared on Jimmy Kimmel Live! to discuss his newfound fame. On 16 May, he had to turn hordes of people away from the 500 seat recital hall, and over 55,000 individuals tuned into a livestream of the event. Then, Ward disappeared. Not from social media, and not from the world, but from the internet’s collective consciousness.

Search interest in "Azeem Ward" over time

“I’d say no,” answers Ward, when I ask him whether, one and a half years later, he still receives any special attention or has any fan interactions. “I’m just regular Azeem now, and I’m okay with that. Regular me is a more focussed person that is not reacting to things that are happening around me.”

Ward is Skyping me from his home in Iowa, where he is getting his master’s degree in flute performance. He spends his time composing flute beatbox songs, learning how to produce music, and teaching a class on flute fundamentals at the university. “A lot of [the students] here in Iowa know what happened but they don’t go like: ‘Oh my God! It’s Azeem!’. It’s just like, ‘Hey, what’s up man? I saw that one thing about you on Jimmy Kimmel’.”  

The original Facebook event page

Ward regained his anonymity when he moved to Iowa, as many of his fellow undergraduate students in California recognised him because he was on the local news. “But the whole viral thing was a UK thing,” he explains, “It wasn’t really around the whole US.”

An Azeem meme

Four months after his famed flute recital, Ward did come to the UK and toured the country to perform as part of various university freshers’ weeks. “That was a crazy time,” he says, “I was over there for five weeks and played 22 shows in 12 different cities, all the way from London to Scotland.” His concerts were popular, though most people came to take a selfie or ask about how the recital happened, and only a few wanted to talk to him about music. Still, Ward profited from the events. “We did make some pretty good money," he says, admitting he earnt around $5,000. 

Despite clearly enjoying this time, Ward seems unfazed that his viral fame is now over. His only regrets, he says, are that he didn’t make any connections in the music business while in the UK, and that he didn’t have any social media accounts set up before he went viral, so there was nowhere for people to go to listen to his music. “When you go viral people hold onto that rather than taking you seriously as a musician,” he says. “Sometimes it annoyed me but sometimes I realised that I wouldn’t be there in the first place if it wasn’t for going viral.”

Azeem now, photo courtesy of Azeem Ward

So what advice would Ward give to the next person who finds themselves, unwittingly, the object of the internet’s affection?

“I'd say don't lose sight of what you've already been doing in your life, like keep your focus. I'd say that sometimes in your head you're like ‘Oh man, I have to do this now’, but you've just got to stay focussed on your goals. When you have your own path and you go viral you have a lot of people asking you to do all these different things. It was pretty intense – I’m not used to having a lot of people look at me and my actions, so I was pretty anxious at first. In the end I realised that I came to do what I came to do, and I had to go do it.”

Although Ward doesn’t miss being internet-famous, it is clear that going viral had an impact on him. He recalls the peak of the madness with telling clarity, sharing specific details such as "256 people” clicked attending in "four hours", and “then 512”, before 12,000 people RSVP’d overnight. Mostly, however, he seems very grounded, though he acknowledges it was “out of control” and “really crazy”.

Perhaps Ward feels this way because he received little in the way of negativity or hate. He fondly discusses memes that were created and art that was drawn about him, and the support of his family and friends. “Even though there were a lot of silly things going on, I managed to make it positive for the school,” he says. “I had no haters. Everyone was like ‘Damn, Azeem. Good job, man’.”

One day, Ward hopes to come back to London, although he is wary of returning. Not because of his viral fame, nor the number of selfies he might have to take with Nando's customers, but because of Brexit. Our conversation, like all post-June conversations, turns swiftly to the topic, and Ward asks me about the economy. “I was thinking about trying to do a doctorate over in London, but if things aren't going to be so good in a few years...” 

Ward admits he wouldn’t be bothered if he never went viral again. “When I think of something going viral, I think it has a point in time where there’s so much interest and then it goes away. I’d like to produce material and the attention to keep going up.” So do you want to be famous, I ask? “Do I really want to be famous?” he ponders. “Being famous is okay, I guess. But I want to be is respected and appreciated.”

To listen to Azeem’s music visit or Like his Facebook page.

To suggest an interviewee for Living the Meme, reach out to Amelia on Twitter.

Amelia Tait is a technology and digital culture writer at the New Statesman.