Dateline | March 25, 2013
>>> which sho sort of nightmare would you be in if your entire digital life had suddenly vanished? you couldn't even turn on your smartphone to call for help . this wasn't a bad dream . it really happened.
>> it was actually shocking. i had no idea that that was something that i had to worry about.
>> matt, a senior writer for the tech magazine, "wired" is one of the last people you'd expect to get hacked. he should know better than most people how to protect his account. but last august, hackers took control of his entire digital life , including everything he stored in his cloud and they torched it all.
>> they wipe out your account, that also has the pictures of your newborn daughter on it, right?
>> right. and i didn't know if i could get them back or not. i was pretty distraught about that.
>> matt set out to uncover how the hackers had gotten in.
>> you actually had an exchange with one of the people responsible for hacking you; is that right?
>> that's right. i told them that i wouldn't press charges if they explained it to me.
>> and what the hacker explained was so simple, it shocked the tech writers. we won't give you every detail about how they did it, but starting with only matt's name, e-mail and address, info they had online, the hackers called amazon customer support pretending to be him and tricked the representative into giving him a new password.
>> it turns out the last four digits were all they needed to get a password reset from apple. so, next, they called apple and gave them those numbers and with that, they were in.
>> that easy.
>> from apple, they got into his google acount and then twitter. the hackers called it low-tech tricks, social engineering . and they can render even the strongest password useless.
>> the reality is it's a good old con-job, isn't it?
>> yes, absolutely. to give you an indication, the google password that i had, it was 19 characters long, letters, numbers and symbols.
>> that didn't protect you?
>> matt has reported extensively on security. as a result, amazon, paypal, aol have all changed how they issue new passwords. but according to matt, many online companies still aren't doing enough. to find out, we chose three large and well-known internet companies. e-bay, netflix and expedia and called customer service for each claiming to be locked out of our account. on the phone, we gave them real information about ourselves, a few basic facts that could be found on the internet or flat out guess, just as matt's hackers had done. e-bay gave us a new password right over the phone.
>>> weeks later, we tried again but we're told that e-bay policies had just changed.
>> and there's no way to get a temporary password?
>> but we called back just minutes later and a different customer service rep did change our password over the phone.
>> okay. i'm ready for that temporary password.
>> we called netflix four times. twice, for security, customer service reps wouldn't change the password unless we could testimony them the last four digits of the credit card on file. but on other calls, they quickly changed that password without those credit card numbers . expedia told us they won't change a password on the phone. they'll send you a link to change it yourself. so we opened a new e-mail account and asked them to send the link to that e-mail, not the one that they had on file. and they did all three times we called.
>> okay, so you've sent a new password to that e-mail account?
>> when we logged back into our acount, there was credit card data for the taking. and, on expedia, a full passport number.
>> what can somebody do with that?
>> they could apply for credit cards in your name, open a new bank acount, all kinds of things.
>> so what should you do?
>> to some extent, there's nothing you can do. other than demanding better security from the companies you do business with.
>> all three companies told us they're continuely strerngtenning their procedures. they try to balance privacy with customer convenience. e-bay also said that the representative who gave us a new password on the phone made a serious mistake in violation of their policies. because we can't just quit the internet, we have to make the best of the current situation. back up your data regularly and don't make it easy for people to get into your account.
>> the most common password people use is password. the second is 1,2,3,4,5. what's the worst problem is people use the same password on one site and another.
>> i do that.
>> you should stop doing that.
>> matt, it turns out, was lucky. his hackers were just teenagers looking to steal his tacky twitter handle,@mat.
>> you were able to uncover those pictures of your newborn.
>> they were not replaceable.
>> coming up, the chemicals and the things you and your kids use every day. what do you know about them?
>> and do some of them get into our bodies? what will dateline testing find?
>>> and, coming up later on "dateline," he could be a poster boy for living the good life. but this is the poster he's on now. join the hunt for one of the least likely fugitives ever to make the f.b.i.'s ten most-wanted list.
>> i always thought that he would be caught within a month or two. and then a year went by. and two years went by. and then five years went by.
>> maybe you've seen something that can help the f.b.i. bring him in. ; you've seen