Time Machine backup disk stolen from luggage... how big of a risk is this?

Discussion in 'Mac Basics and Help' started by InfoTime, May 5, 2016.

  1. InfoTime macrumors 6502

    Joined:
    Jul 17, 2002
    #1
    This happened to a customer of mine. It was not an encrypted backup. She didn't have any Word docs called "Passwords for all my sites" or anything stupid like that. Nor did she have spreadsheets with financial account numbers or anything sensitive.

    Main concern might be gaining access to her Yahoo mail or logging into a financial institution's website. As far as I know a restored Time Machine backup won't retain passwords or sessions. If there is any risk it would require the skill of a computer forensics expert to do any damage. Right?

    But, within the same week her credit card was breached and her bank had her set up new security questions, security picture and new password. I'm having trouble connecting the two.

    Coincidence or not?
     
  2. throAU macrumors 601

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #2
    If the backup was not encrypted then I'd suggest she change all her passwords. I thought that saved passwords would be saved/restored from TM backup? It's been a while.

    Anything saved in the browser will be accessible if an attacker was to restore the TM backup to a machine and then go through the browser history and attempt to go to sites she had passwords saved and set to stay logged in to.

    I'd strongly suggest to her that she assume that anything that was saved in her browser is compromised and act accordingly. Better to be safe than sorry, etc.
     
  3. richard2, May 6, 2016
    Last edited: May 6, 2016

    richard2 macrumors regular

    Joined:
    Oct 21, 2010
    Location:
    England, United Kingdom
    #3
    Safari's cookies and site credentials are both included in Time Machine backups:

    • Cookies are stored in the file ~/Library/Cookies/Cookies.binarycookies, which isn't encrypted.
    • Site credentials are stored in the keychain, which is encrypted.

    As throAU has already stated, your client should assume that any open sessions in her web browser have been compromised. If she used a weak keychain password, then she should also assume that the contents of her keychain have been compromised. I'd recommend that she immediately change all of the passwords for her most sensitive accounts (such as e-mail).

    Which web browser does your client use?
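
Added example, not part of the original posts: a triage helper for the owner of a lost, unencrypted backup, listing which sites still had unexpired Safari cookies so she knows which sessions to sign out of and which passwords to change first. It assumes the community-documented layout of `Cookies.binarycookies` (Apple does not publish the format); `live_sessions`, `build_sample` and the sample cookies are constructed for illustration, and cookie values are never read.

```python
import struct
from datetime import datetime, timedelta, timezone

MAC_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)  # timestamps are seconds since this date

def _cstr(buf, start):
    # NUL-terminated string starting at `start`
    return buf[start:buf.index(b"\x00", start)].decode("utf-8", "replace")

def live_sessions(blob, now):
    """List (domain, name, expiry, flags) for cookies unexpired at `now`; values are never read."""
    if blob[:4] != b"cook":
        raise ValueError("not a binarycookies file")
    (n_pages,) = struct.unpack_from(">I", blob, 4)         # file header is big-endian
    sizes = struct.unpack_from(">%dI" % n_pages, blob, 8)
    pos, found = 8 + 4 * n_pages, []
    for size in sizes:
        page, pos = blob[pos:pos + size], pos + size
        (n_cookies,) = struct.unpack_from("<I", page, 4)   # page contents are little-endian
        for off in struct.unpack_from("<%dI" % n_cookies, page, 8):
            (length,) = struct.unpack_from("<I", page, off)
            rec = page[off:off + length]
            (flags,) = struct.unpack_from("<I", rec, 8)    # 1 = Secure, 4 = HttpOnly
            dom_off, name_off = struct.unpack_from("<II", rec, 16)
            (secs,) = struct.unpack_from("<d", rec, 40)
            expiry = MAC_EPOCH + timedelta(seconds=secs)
            if expiry > now:
                found.append((_cstr(rec, dom_off), _cstr(rec, name_off), expiry, flags))
    return found

# --- constructed sample file (not real data) ---
def _cookie(domain, name, expiry):
    fields = [f.encode() + b"\x00" for f in (domain, name, "/", "PLACEHOLDER")]
    offs = [56 + sum(map(len, fields[:i])) for i in range(4)]
    secs = (expiry - MAC_EPOCH).total_seconds()
    return struct.pack("<4I4I8x2d", 56 + sum(map(len, fields)), 0, 5, 0, *offs, secs, 0.0) + b"".join(fields)

def build_sample():
    recs = [_cookie(".mail.example", "session", datetime(2030, 1, 1, tzinfo=timezone.utc)),
            _cookie(".shop.example", "cart", datetime(2015, 1, 1, tzinfo=timezone.utc))]
    offs = [12 + 4 * len(recs) + sum(map(len, recs[:i])) for i in range(len(recs))]
    page = b"\x00\x00\x01\x00" + struct.pack("<I%dI" % len(recs), len(recs), *offs) + b"\x00" * 4 + b"".join(recs)
    return b"cook" + struct.pack(">II", 1, len(page)) + page + b"\x00" * 8

if __name__ == "__main__":
    for domain, name, expiry, flags in live_sessions(build_sample(), datetime(2016, 5, 6, tzinfo=timezone.utc)):
        print(f"{domain}\t{name}\texpires {expiry:%Y-%m-%d}\tflags={flags}")
```

Every domain it reports is a session to end from the site's own "sign out everywhere" or password-change page, since an expiry date in the future means the cookie in the backup may still be accepted.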
     
  4. InfoTime thread starter macrumors 6502

    Joined:
    Jul 17, 2002
    #4
    Pretty sure it's just Safari. She is on an old OS, 10.7, which I'm going to upgrade next week for her. Also, for mail she just uses web-based Yahoo.

    Other than access to email (which might allow for password resets on other sites) I'm having a hard time imagining the risks for financial sites - my banks log me out after about 5 minutes of inactivity.
    --- Post Merged, May 6, 2016 ---
    Good news: the drive wasn't lost or stolen. She had someone check her other home and it turns out it was sitting right there.

    Feel free to continue the conversation though....
     
  5. glenthompson macrumors 68000

    Joined:
    Apr 27, 2011
    Location:
    Virginia
    #5
    Tell her to encrypt the backup drive as well as the main drive.
     
  6. throAU macrumors 601

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #6
    Well, unless she's using a password manager, obtaining the other passwords (and other personal information) may help an attacker guess the banking password(s). Will also potentially enable an attacker to ring the bank and get a password reset - most of the identifying questions the banks use are things like "what's your mother's name", "what's your date of birth", etc. which are pretty much easily obtained from most people's computer or email. Or Facebook, or whatever may have an open session on the internet.

    So yeah, encrypting TM backups is a good idea.

    As is running a password manager.

    1. because your passwords will be stronger
    2. because you don't need to remember them anyway, changing them is not as much of a hassle - you don't need to spend time re-memorizing them
     
