I came across this article and video several days ago but debated a few days before deciding to link to it. I finally decided to do so, but first wanted to share these thoughts:
In a video series for Fusion, Kevin Roose documents the terrifying tale of his computer and personal accounts being hacked. As I watched the video I found myself torn (and thus the debate over whether or not to mention it). On one hand, I was horrified that something like this could actually happen. On the other, something about this video felt more than a little disingenuous.
Let's make no mistake, Kevin set this up specifically so he could create this "documentary". He invited hackers to attack him. Assuming the facts of the article as reported are true, it is clearly sensationalized. Kevin set out at the beginning wanting this very outcome; this was not some random event, nor was Kevin the unsuspecting target of an attack like Mat Honan.
Why did I decide to share this link? Because despite the sensationalism, it's a reminder that we all have to be vigilant. In this case the hackers used a combination of social engineering and malware, which Kevin "accidentally" installed through a phishing email, giving an attacker admin access.
The social engineering part of this is especially horrifying, as an unsuspecting victim can have no idea something is happening, nor can they do much to protect themselves. We have to trust the companies we do business with to train their employees and enforce good security policies so as not to compromise our data.
As for the malware, while I don't have much sympathy for Kevin, unfortunately phishing scams are a common vector for malware attacks, even on a Mac.
I'm sure a few people will mention that Kevin used 1Password. In this particular case, the malware that was installed on Kevin's computer was, among other things, a key logger that saved Kevin's keystrokes, and the attacker was thus able to determine his master password. This type of targeted attack, especially with such sophisticated malware installed directly on a user's computer, is extremely rare and adds extra dramatization for Kevin's article. I personally maintain that using a password manager that will allow users to adopt strong, secure, unique passwords is still the best way to protect against the most security breaches and hacks.
The moral of this story...just because you're on a Mac doesn't mean you're safe. We all have to be vigilant.