This reminds me a lot of Mat Honan’s story, where a combination of security flaws at Apple and Amazon enabled his accounts to be hacked, resulting in the loss of lots of personal data.
There are a lot of takeaways here:
- If someone hacks your domain, they will have access to all of the email associated with that domain. Because email is the primary method of verification on the web, anyone who controls an email account you use for website logins can reset your passwords on those websites. Avoid this by using a “generic” email account (Gmail, for example) for your various site logins.
- Ask companies like PayPal to add a note to your account explaining that details should not be released by phone.
- Don’t let companies store your credit card numbers.
- Always use two-factor authentication. (Enabling for: Gmail, PayPal, Facebook)
(via Alex King)