Victoria’s Secret model, Gigi Hadid is reportedly being blackmailed by hackers who allegedly stole photographs of her from her iCloud account and are threatening to make them public unless she pays a ransom. Hadid has indicated that she has no intention of paying anything to the hackers. This case brings back memories of the hacking and release of nude photos of a number of celebrities including Jennifer Lawrence, Kate Upton and Kim Kardashian in September of 2014. Although presently it is unconfirmed whether her iCloud account actually has been hacked and, if so, how it was done, it is helpful to look back at how the celebrity iCloud accounts were hacked last year. Using the “forgot password” link on Apple’s iCloud, it appears in many instances, the hacker answered the security questions and was able to reset the victims’ passwords and gain access to their iCloud accounts. In other instances, the phones were hacked directly from where the photos were stolen.
There are a number of lessons that we all can learn from how easy it was for hackers to gain access to someone’s iCloud account. And to paraphrase Shakespeare the fault is most often not “in the stars,” but our own responsibility. All of us can be targets of hacking and we need to protect ourselves. You should use a unique password for all of your accounts so if any of your accounts are hacked, the rest of your accounts are not in jeopardy. Make sure the password is a complex password that is not able to be guessed through a brute force attack. Check out my book “Identity Theft Alert” for advice as to how to pick a secure and easy to remember password. Also, even if you are not a celebrity, you would be surprised how much information is available online about you that can be used to come up with the answer to your security questions. It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of what is your mother’s maiden name. Also, take advantage of the dual-factor identification protocols offered by Apple and many others. With dual-factor identification, your password is only the starting point for accessing your account. After you have put in your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account. Had Jennifer Lawrence and the other hacked celebrities used the dual-factor identification protocol last year, they would still have their privacy. It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth. Smartphones save deleted photographs and videos on their cloud servers such as the Google+service for Android phones and the iCloud for iPhones. However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.