Security & Privacy

A number of reports are telling the tale of how actress Salma Hayek’s MobileMe account was “hacked”. We’d rather say it was “owned”; it was not hacked, as such, but someone did get into it.

Here’s what happened. Rather than trying to log into her account, someone entered her e-mail address and clicked the Forgot Password button. This takes you to a page where you enter an Apple ID, and are then asked to enter your birthday and answer a security question. In this case, it was relatively easy for someone to find this information. Hayek’s birthday is easy to find, and her security question, “What is my favorite role?” was pretty simple as well. (It was “Frida”.)

This highlights an inherent weakness of many e-mail services, where your identity depends on some simple questions (often “What is your mother’s maiden name?”) that people can figure out without too much trouble. If your question is, “What is my dog’s name?”, anyone can go to your blog or Facebook page to find the correct answer. Whenever possible, you should choose a security question that is easy to answer, but which others cannot figure out.

If you use MobileMe, you can change the security question by going to your account, then clicking Password Settings. In the Security Information section, type a new question (and not “What is my pet’s name” as suggested). Type the answer and click Save. You could also change your birthday, but you had better remember the new date you’ve chosen.

With a stronger security question, it will be much harder for anyone to take over your account. Remember, this account is not only your MobileMe information, but also your AppleID, which is used for iTunes purchases; anyone who gets control of it could spend your hard-earned money for iTunes loot. Think of doing the same for other sites where you have personal information that might be targeted by acquaintances or strangers. This simple bit of extra protection can make a big difference in securing your identity.