Hacking Nightmare Comes True: Mat Honan's Story


Hackers can do a lot worse than steal your data and identity. They can wipe your digital life almost entirely so you'll never get it back.

Just ask Mat Honan, a writer for Wired who suffered this attack. Friday evening, the San Francisco-based journalist had his iPhone reboot to a setup screen, its storage erased. By the time he realized his MacBook Air had locked him out as part of a remote wipe, he saw that his iPad had also been nuked. And like too many people, he hadn't backed up the laptop.


Honan then noticed that somebody had hijacked his iCloud and Twitter accounts and deleted his Gmail identity, as he wrote in a Tumblr post. Racist, homophobic tweets streamed from his widely followed @mat username – and the @gizmodo account he'd linked when he wrote for that tech blog.

I know the victim, so the crime seems especially vile. A cheerful early adopter of the Internet and one of the most pleasant users online, Honan creates amusing "single-serving sites" in his spare time. And, for one Wired piece, he spent a month broadcasting his location in real-time on various iPhone apps.

Last week, the Net betrayed his trust.


After conversations with one of the hackers and sources at Amazon, Apple, Google and Twitter, Honan explained what happened in a lengthy Wired.com article.

The fault wasn't malware or weak passwords. The bad guys needed only social engineering: they talked Apple into handing over access to the iCloud e-mail account that Honan had set as the recovery address for his Gmail, and Gmail in turn controlled his Twitter handle.


First, an attempted Gmail password reset listed an obscured but easily guessed iCloud address as a backup.

Then the hackers tackled Amazon, adding a credit-card number of their own to Honan's account over the phone by producing his street address (listed in his domain-name registration) and e-mail. They called back to say they'd lost access, authenticating themselves with his name, address and the card they had just added; once inside, Amazon's account pages showed the last four digits of his other saved cards.

Amazon publicist Ty Rogers wrote Tuesday that the company had closed that loophole.

Next, they phoned Apple to request a temporary password and got one after providing only a street address and the last four digits of the saved card (which, remember, could also have come from a stray receipt). Wired was able to reproduce this trick. Boom.

As of Wednesday morning, Apple PR hadn't answered a query sent Tuesday morning, but Wired reported that the company had stopped resetting passwords over the phone.

Why Honan in particular? The hackers, he wrote, only wanted to play with a three-letter Twitter handle. Everything else, including possibly zapping a year and a half of photos of Honan's baby, was collateral damage.


Most of us aren't such an attractive target, but our risk is not zero either. Five defensive measures come to mind, which Honan endorsed when I talked with him by phone on Tuesday:

  • Keep a local backup of your data. (On a Mac, use Time Machine; in Windows, use Microsoft's built-in utility; CrashPlan can work too.)
  • Until Apple fixes a security policy that can be defeated without advanced social engineering, don't store a heavily used credit card at the iTunes Store.
  • Disable Find My Mac on your computers, in the System Preferences app's iCloud section. Find My iPhone/iPad remains useful; Honan said it recently helped recover his wife's phone.
  • Whatever e-mail you set for password recovery should be obscure, certainly not an iCloud .me or .mac address.
  • If you use Gmail for anything vital, enable "two-step verification" to ensure people can't take it over with just a password.
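The attack chain above (whois address and e-mail, to a bogus Amazon card, to the last four digits of a real card, to an Apple temporary password, to iCloud, to Gmail, to Twitter and the remote wipe) is really a dependency graph, and each of the five defences cuts a different edge of it. The following is an added example, not code from the article or from any of the companies involved: it models that chain as "facts the attacker needs" leading to "facts the attacker gains", computes what is reachable from public information, and then re-runs the computation with each defence applied. All node names (`whois_street_address`, `card_last4`, `mac_remote_wipe` and so on) are constructed for the model, and the rules are the article's account of the attack, nothing more.

```python
"""Reachability model of the account-recovery chain in the Honan attack.

Constructed example: node names and rules are illustrative and follow the
article's description of the attack; they are not a vendor's real policy.
"""

# What the attacker starts with: public facts only.
ATTACKER_START = frozenset({
    "name",                  # public
    "whois_street_address",  # from the domain-name registration
    "email_address",         # public
})

# Victim-side condition that turns a wipe into real loss.
VICTIM_STATE = frozenset({"no_local_backup"})

# gained fact -> facts required to gain it (one path per fact in this model).
BASE_RULES = {
    "amazon_card_added":    {"name", "whois_street_address", "email_address"},
    "amazon_account":       {"name", "whois_street_address", "amazon_card_added"},
    "card_last4":           {"amazon_account"},              # shown on account pages
    "apple_temp_password":  {"whois_street_address", "card_last4"},
    "icloud_email":         {"apple_temp_password"},
    "gmail":                {"icloud_email"},                # iCloud is the recovery address
    "twitter":              {"gmail"},                       # Gmail controls the handle
    "mac_remote_wipe":      {"icloud_email"},                # Find My Mac
    "permanent_data_loss":  {"mac_remote_wipe", "no_local_backup"},
}


def reachable(rules, start):
    """Forward-chain until no rule adds a new fact; return everything reachable."""
    known = set(start)
    while True:
        new = {gain for gain, needs in rules.items()
               if gain not in known and needs <= known}
        if not new:
            return frozenset(known)
        known |= new


# Each defence from the article, expressed as a transform of (rules, start).
def local_backup(rules, start):
    return rules, start - {"no_local_backup"}


def no_card_at_itunes(rules, start):
    # Apple still asks for a card's last four, but the card Amazon leaks is not the one stored.
    r = dict(rules)
    r["apple_temp_password"] = {"whois_street_address", "itunes_card_last4"}
    return r, start


def disable_find_my_mac(rules, start):
    r = dict(rules)
    r.pop("mac_remote_wipe", None)  # the phone can still be wiped; the laptop cannot
    return r, start


def obscure_recovery_email(rules, start):
    r = dict(rules)
    r["gmail"] = {"recovery_mailbox"}  # a mailbox the iCloud takeover does not reach
    return r, start


def gmail_two_step(rules, start):
    r = dict(rules)
    r["gmail"] = rules["gmail"] | {"gmail_second_factor"}  # never in the attacker's hands
    return r, start


MITIGATIONS = [local_backup, no_card_at_itunes, disable_find_my_mac,
               obscure_recovery_email, gmail_two_step]


def outcome(mitigations=()):
    """Facts the attacker ends up with after the given defences are applied."""
    rules, start = dict(BASE_RULES), set(ATTACKER_START | VICTIM_STATE)
    for m in mitigations:
        rules, start = m(rules, start)
    return reachable(rules, start)


if __name__ == "__main__":
    cases = [("no defences", [])] + [(m.__name__, [m]) for m in MITIGATIONS] + [("all five", MITIGATIONS)]
    for label, ms in cases:
        got = outcome(ms)
        print(f"{label:24s} twitter={'twitter' in got!s:5} "
              f"mac_wipe={'mac_remote_wipe' in got!s:5} "
              f"data_loss={'permanent_data_loss' in got}")
```

Running it shows the asymmetry the article is getting at: the backup and the Find My Mac change only blunt the wipe, the two Gmail changes only protect Gmail and Twitter, and only keeping the card out of iTunes cuts the chain before iCloud. It also shows that even with all five defences the attacker still reaches `card_last4`, because that step lives in Amazon's process and only Amazon (which said it closed the loophole) could remove it.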

Be careful out there, everyone.

Credit: Rob Pegoraro / Discovery