How a digital life was recovered using 1Password, Dropbox, and DrivesSavers

About a week ago Mat Honan shared how is digital life was annihilated thanks to a hacker, and the lackadaisical security policies of Apple and Amazon. Now, Honan has shared how he restored his Dropbox account and security information stored in 1Password, reclaimed his Twitter and Google accounts, and most importantly reclaimed the priceless family photos he had stored on his laptop hard drive and never backed up. The details of how Honan got his digital life back are all up on, and include:

Five hours after the hack started, still locked out of everything, I flipped open the lid of [my wife's] computer, and nervously powered it up. And there it was: my Dropbox. And in it, my 1Password keychain, the gateway to my digital life.

SSD recovery wasn't so easy. It involved sending the hardware to DriveSavers:

The bottom line is that I have all my photos and all the home movies I’ve shot. Every one of them. And seemingly all of my most important documents as well. That felt like a miracle. The bill for all this? $1,690. Data doesn’t come cheap.

Honan is back up and running now, and is setting up more secure, better backed up policies for himself and his data. He hasn't gotten any satisfactory explanations yet from Apple, and is justifiable nervous about the elements of his security and data that are out of his hands.

I've already switched on two-factor verification for Google, and changed a lot of my passwords to newer, gnarlier 1Password generated pseudo-random blobs. Check out the complete story via the link below and let me know -- has what happened to Honan caused you to change you security at all?


Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Rene Ritchie

EiC of iMore, EP of Mobile Nations, Apple analyst, co-host of Debug, Iterate, Vector, Review, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts



← Previously

SuperTooth Buddy hands free Bluetooth speakerphone for iPhone review

Next up →

iOS 6 preview: Siri for iPad

Reader comments

How a digital life was recovered using 1Password, Dropbox, and DrivesSavers


I'm glad he got the pictures of his daughter back because those are irreplaceable. I lost a hard drive one time and lost a few photos, luckily I still had most of them stored on my point and shoot and my phone so the loss was minimal. Now I've gone a little overboard with backup. I use Carbonite to back up my laptop as well as automatic upload of photos from my phone to both Google Plus and Dropbox. I use an Android phone which is my main camera so iCloud doesn't do much for me. The good thing is between the Google Plus, Dropbox and Carbonite Apps I can see all of my photos on my iPad anytime. As far as 2 factor authentication goes I turned it on and lasted about 3 hours until it became to big of a pain for me to deal with. I use fairly strong passwords on mission critical things and less strong ones for things like forums or sites I'm not that concerned with getting hacked.

Re: "...priceless family photos he had stored on his laptop hard drive and never backed up."

Oops. Matt: Carbon Copy Cloner. Time Capsule. Fireproof safe.

Mr Ritchie, I've been hoping that at least one credible journalist would place the blame squarely where it belongs - at the feet of the lackadaisical Mr. Honan but most of all to the criminals who perpetrated this; they need to be tracked down, bought to justice, sentenced to long terms in prisons and restitution paid to Mr. Honan. Unfortunately you are part of the tech pundit crowd that needs to pervert a story to make it about Apple when they were simply a part of the chain that was criminally exploited including Google - did you intentionally neglect to mention their failure in this process? Why are you only blaming Google's competitors? Also, I would like to know why you failed to address the most obvious issue here as it pertains to the lost of Mr. Honan's data. I'm certain that you realize that hard drives are prone to failure and back ups are absolutely essential; the dire straights that Mr. Honan found himself in was due to his failure to back up his data regardless of how the hard drive got erased. It's almost too convenient that Mr. Honan didn't have any backups so as to allow the story to be blown up out of proportion and transformed into a sensationalistic Apple erased my digital life story. Shouldn't an independent minded journalist be asking those hard questions and ascertaining the status of this criminal act - has Mr. Honan filed appropriate reports with the police or FBI? Maybe you'd have a slightly larger audience if you didn't fall into lock step with the rest of the pundits and simply regurgitate the same story.

That comment doesn't seem to address what I've written to date on the subject, but rather an inaccurate alternate reality version of something I didn't write but you're really angry about.

Unfortunately, I can only address what I actually wrote.

Although it is refreshing to be called anti-Apple rather than anti-Google, neither are true. Indeed, ascribing anti-anything (or pre-anything) has nothing to do with me -- I'm not anti- or pro-either. I believe they should be pro-us, not the other way around.

Whatever agenda or preconception you're servicing, it has nothing to do with me. If you'd like to start over and have a discussion about the topic, I'm happy -- indeed, eager -- to oblige.

Mr. Ritchie, I'm not surprised that you responded with logical fallacies instead of addressing any point that I made. The fact is you only blamed the "hacker" (should be criminal) and the "the lackadaisical security policies of Apple and Amazon." That's not actually true. The reason the story became big news was because Mr. Honan made an inexplicable novice error in failing to backup his data. Were Apple, Amazon, and Google (you forgot to mention Google, right?) part of the chain that were criminally exploited? No doubt but let's focus the primary blame on the criminal and secondarily on Mr. Honan's failures that resulted in criminal malicious mischief becoming a catastrophe that ironically he could write a big headline story about. Have you ever heard the adage, "A lack of preparation on your part does not make a crisis on my part?" As for being anti-Apple or pro-Google, that's a perception that one might glean (incorrectly perhaps) from the contents of your article but I'm certainly no apologist for Apple as you might gather from my comment to the Siri article. I'm simply expecting journalists be as free of bias as possible but I didn't see that here.

There's a link at the top to my previous post on the subject, and in that one to the post before.

What you say I haven't done or said is not connected to a reality in which our current universe exists, so again, I can't address is.

However, if instead of accusing me of something, you'd like to discuss it in a mature, productive fashion, I'm really happy to do so.

Personally, I'm paranoid and back up to Dropbox, over Superduper, and to Time Capsule, and I use Google two-factor in several places.

What disturbs me is that I can't protect against Amazon revealing my credit card number or Apple using that to provide access to my account. Hopefully they stop doing that and now. I think they will and have.

...What disturbs me is that I can't protect against Amazon revealing my credit card number or Apple using that to provide access to my account. Hopefully they stop doing that and now. I think they will and have....

So Amazon's failure to protect credit card data become Apple's fault? Even so, you don't have to use the same credit card number for both services, and with iTunes, you don't even need to use a credit card. I'm still scratching my head trying to figure out why the one with the least culpability (Apple) in this sequence of events is getting the major share of the blame. I guess it's just a case of tech pundits circling the wagons, making some hay, and getting more ad impressions.

I'm not sure if you're trying to troll or not? If you're trying to troll, please take it elsewhere. It's not welcome here. If you're not trolling, please reconsider your tone. You can discuss things without being assumptive and combative.

The failure of any step in the chain, prior or latter, does not excuse any other. If I go to retail store, give my email address for some promotion or contest or to get follow up information or help with a product, and then the clerk -- who ran my credit card -- calls Apple and gets my password reset, that exposes the same vulnerability without Amazon or Google.

Google or Amazon making a mistake in no way absolves Apple for making a mistake, or vice versa.

You make many valid points however you missed 3 important details.
1. This is a pro-Apple blog.
2. Bloggers are not journalists.
3. Journalists who write without a biased opinion are rare.

Markbyrne, have you read the original story that Honan wrote about this incident? The one where he accepts reaponsibilty for things in his control that he did wrong? The one where he described the flaws in amazon's and apple's security practices that allowed hackers to get into his accounts, flagrant flaws that could be exploited on anyone? Google isn't at fault because their two factor authentication would have stopped the attack, and Honan wasn't using it. The stuff wrong at apple and amazon, that's not Honan's fault. And no, Honan chose not to press charges so he could find out how the hack was done. Read the piece. Its quite interesting.

Google isn't at fault? The fact is Google revealed Honan's backup email address (Apple), and it should not do so regardless of the authentication. Than the criminal gets credit card info from Amazon, and subsequently that's used to extract information from Apple. So that make it's Apple's fault? Ignoring Mr. Honan's minimal confession of failure for the moment, the chain of events begins with Google but since the primary damage was the erasure of Honan's Mac computer (i.e. the hyperbolic loss of his digital life), the tech media perverts it into being Apple's fault. If we're going to assign blame beyond the criminal and Mr. Honan, Google is first and foremost responsible, than Amazon, than Apple. If Google and Amazon hadn't revealed the information, the Apple sequence doesn't happen. Apple is the least responsible here but apparently they have taken action not do resets via phone anymore. What else does Mr. Honan and Mr. Ritchie expect Apple to do? The question is what should the consumer to do ensure that a security breach is contained. For example I use a disposable credit card number for Apple and a different credit card number for Google, and I use different passwords for different accounts.

It's the sum of the parts that are at fault. How you didn't get that from Honan's posts and both of Rene's posts, I have no idea. Go read it all again. Not once has Rene placed all the blame on Apple. The blame belongs to the hacker, Honan, Google, Amazon, and Apple. All 5 of these parts contributed to this terrible instance. All 5 (well, maybe not the hacker because he's a hacker) should walk away from this learning what they did wrong and take measures to prevent it from happening again. I really don't understand all this hostility.

I would say that both Amazon and Apple just erred too much on the side of user convenience, and too little on the side of security. That is the balance that must be struck, because, like many of you are saying about Google 2 Factor, tighter security does mean a lot more hassle. That's reality. Apple and Amazon just need to tighten up and hassle us a bit more. Maybe just not as much as Google does.

That said, I turned on 2 Factor and left it on. It's worth it to me. I also tightened up my passwords a bit, especially on old accounts, switched my Amazon email to make it different from the one at Apple, and switched the credit cards on file, so that they are different, as well. As for photos, they are backed up on 3 local hard drives, one of which is mothballed in my parent's fire proof vault for full offsite backup. I have also uploaded all of my photos from the last three-four years to Picasa (I guess it's all G+ now, though), and the videos bigger than 1 GB to Google Drive. The only place I'm not protected are photos left on the cameras until I put them on the drives. My iPhone's go to iCloud and all of the above places, as well.

I know I'm on the paranoid side when it comes to backups, but I know some people who lost big chunks of their digital photo libraries because they weren't backing up, so I really took that to heart. Other than the birth of my 11 year old son, all the rest of our family pictures are digital. Even the 35mm we took of my oldest have mostly been digitized, too. That's just too much to lose. I can replace an iPad or computer. I could never replace those thousands of pictures over 10 1/2 years.

I'm so glad that everything worked out for Mr Honan in the end. Hopefully a lot of people learned from the whole mess.

Hahaha, this is priceless. Rene is being accused of unjustly criticizing Apple and letting Google off the hook on purpose. That's borderline psychotic.

Although everybody, including Mr. Honan, has acknowledged that his failure to back up his data was the main culprit for his loss of data, I think this has nothing to with the hack itself, which was the event that caused the data to be lost. Honan and Rene are doing exactly what the should be doing, raising awareness to our personal security policies, and to the flaws on the services of Amazon and Apple that can be exploited to hack accounts.

There's so many ways to hack that it's almost impossible to anticipate them all. But I think I'd want another step added than just having the account password to have the ability to remote wipe. That's last resort and probably the main reason things were worse than they should have been.

I definitely was affected by this story. I immediately activated google's 2-factor authentication service and removed my credit card from amazon. I'm curious to know what is being done with regard to the criminals who committed this crime. I agree that there are plenty of people/entities to blame for what happened (Amazon, Apple, the victim to the least degree), but what is being done about the criminals? Will they be brought to justice! Maybe that alone will help prevent future crimes on this nature.

Mr Honan agreed not to prosecute them so that he could get info from the one that contacted him. However, that doesn't rule out law enforcement going after them, since this was pretty high profile.

The problem with two-factor or two-step verification of gmail password, as I understand it, is that if you don't have your phone or other verification device with you when it you suddenly need it to verify your account (or identity, whatever) you wont be able to get in.