Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Time Machine backup disk stolen from luggage... how big of a risk is this?

I

InfoTime

macrumors 6502a
Original poster
Jul 17, 2002
500
261
Time Machine backup disk stolen from luggage... how big of a risk is this?

This happened to a customer of mine. It was not an encrypted backup. She didn't have any Word docs called "Passwords for all my sites" or anything stupid like that. Nor did she have spreadsheets with financial account numbers or anything sensitive.

Main concern might be gaining access to her Yahoo mail or logging into a financial institution's website. As far as I know a restored Time Machine backup won't retain passwords or sessions. If there is any risk it would require the skill of a computer forensics expert to do any damage. Right?

But, within the same week her credit card was breached and her bank had her set up new security questions, security picture and new password. I'm having trouble connecting the two.

Coincidence or not?
 
throAU

throAU

macrumors G3
Feb 13, 2012
8,831
6,996
Perth, Western Australia
If the backup was not encrypted then i'd suggest she change all her passwords. I thought that saved passwords would be saved/restored from TM backup? It's been a while.

Anything saved in the browser will be accessible if an attacker was to restore the TM backup to a machine and then go through the browser history and attempt to go to sites she had passwords saved and set to stay logged in to.

I'd strongly suggest to her that she assume that anything that was saved in her browser is compromised and act accordingly. Better to be safe than sorry, etc.
 
richard2

richard2

macrumors regular
Oct 21, 2010
236
51
England, United Kingdom
Safari's cookies and site credentials are both included in Time Machine backups:

  • Cookies are stored in the file ~/Library/Cookies/Cookies.binarycookies, which isn't encrypted.
  • Site credentials are stored in the keychain, which is encrypted.

As throAU has already stated, your client should assume that any open sessions in her web browser have been compromised. If she used a weak keychain password, then she should also assume that the contents of her keychain has been compromised. I'd recommend that she immediately change all of the passwords for her most sensitive accounts (such as e-mail).

Which web browser does your client use?
 
Last edited:
  • Like
Reactions: throAU
I

InfoTime

macrumors 6502a
Original poster
Jul 17, 2002
500
261
Pretty sure it's just Safari. She is on an old OS, 10.7, which I'm going to upgrade next week for her. Also, for mail she just uses web-based Yahoo.

Other than access to email (which might allow for password resets on other sites) I'm having a hard time imagining the risks for financial sites - my banks log me out after about 5 minutes of inactivity.
[doublepost=1462558896][/doublepost]Good news: the drive wasn't lost or stolen. She had someone check her other home and it turns out it was sitting right there.

Feel free to continue the conversation though....
 
throAU

throAU

macrumors G3
Feb 13, 2012
8,831
6,996
Perth, Western Australia
InfoTime said:
Pretty sure it's just Safari. She is on an old OS, 10.7, which I'm going to upgrade next week for her. Also, for mail she just uses web-based Yahoo.

Other than access to email (which might allow for password resets on other sites) I'm having a hard time imagining the risks for financial sites - my banks log me out after about 5 minutes of inactivity.
[doublepost=1462558896][/doublepost]Good news: the drive wasn't lost or stolen. She had someone check her other home and it turns out it was sitting right there.

Feel free to continue the conversation though....
Click to expand...

Well, unless she's using a password manager, obtaining the other passwords (and other personal information) may help an attacker guess the banking password(s). Will also potentially enable an attacker to ring the bank and get a password reset - most of the identifying questions the banks use are things like "what's your mother's name", "what's your date of birth", etc. which are pretty much easily obtained from most people's computer or email. Or Facebook, or whatever may have an open session on the internet.

So yeah, encrypting TM backups is a good idea.

As is running a password manager.

  1. because your passwords will be stronger
  2. because you don't need to remember them anyway, changing them is not as much of a hassle - you don't need to spend time re-memorizing them
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom