What Mr. Pierson describes is low-hanging fruit — the kind of security flaws that can quickly be fixed with a little knowledge and attention to detail. Even then, he said, it takes time for the true nature of clients’ vulnerability to sink in. “They’re shocked when we give them their password and tell them where we found it, but it doesn’t hit as hard as when we tell them their entire home automation system has been potentially online and viewable for three or five or eight years,” he said.
When it comes to a Bezos-style breach — potentially at the hands of a nation-state’s intelligence service — high-profile targets would likely be even less prepared. As Mr. Bezos’s lengthy investigation into the 2018 attack shows, it’s difficult to get straight answers even when you have the money and resources to run full forensics.
Of course, it’s not just wealth that turns somebody into a person of interest for hackers. Journalists, government employees, workers at energy companies and utilities could all be targets for someone. Those who work for financial firms, airlines, hospitals, universities, Hollywood studios and tech firms are all potentially at risk. To mitigate that risk, there are plenty of things you can do. You can take steps to secure yourself from corporate data collection using privacy settings on your phone. And to protect yourself from cyberattacks there are helpful guides you can use that have been vetted by security professionals.
For most of us, the attack against Mr. Bezos isn’t the death of privacy, but a reminder of the risks of living a connected life. It should be a moment to think as critically about what you do online as you might in the real world. Invest in a password manager. Turn on dual factor authentication. Be skeptical of any communication that looks out of place.
For the ultrarich and influential, the Bezos hack should be a terrifying revelation that, as the former State Department employee and whistle-blower John Napier Tye told me last autumn, “For someone who’s truly a high-value target, there is no way to safely use a digital device.” The stakes are astronomically high. Not just personally, as Mr. Bezos found, but professionally. Company secrets, matters of national security, access to critical infrastructure and the safety of employees could all be compromised by lax security at the top.
The internet has long been thought of as a truly democratic tool, flattening and democratizing the ability to publish and communicate. It’s also the great privacy equalizer. Money can buy a lot of things. But on a dangerous internet full of exploits, flawed code, shady actors and absent-minded humans, total, foolproof security is not one of them.