Mat Honan describes how hackers managed to destroy his entire online life:
“Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.”
There’s much, much more to the story, and it contains all sorts of valuable lessons for both users and corporate storehouses. At a minimum, follow James Fallows’ advice: (a) use Google’s 2-step verification system, (b) use different passwords for all your accounts, and (c) always keep your cloud-based data backed up locally (or, possibly, on a second, separate cloud).
Personally, I’ve chosen not to use Gmail and not to use the cloud extensively, partly because of security concerns. (Other reasons too, though.) But I religiously follow (b). It’s a pain, but if you owned an apartment building you wouldn’t use the same key for every apartment, would you?